com 


Storage  showcase  Cisco,  Hitachi,  Network  Appliance 

and  others  set  to  announce  storage  products.  PAGE  8. 


On  Siebel's  watch  While  it's  still  the  CRM 

market  leader,  Siebel  has  challenges  ahead.  PAGE  23. 


IRS  touts  savings 
of  mgmt  project 

■  BY  DENISE  DUBIE 

AUSTIN,  TEXAS  —  It 
for  the  IRS.That  is,  the 
sive,  four-year  network 
overhaul  is  starting  to 

It’s  hard  to  gauge  just  what  the  payback  has  been  because  the  IRS 
won’t  divulge  how  much  it  spent  on  the  project.  However,  the  agency 
will  say  that  the  effort  has  netted  $2.6  million  in  savings  so  far  this 
year  at  its  support  center  in  Austin,  which  has  day-to-day  responsibil¬ 
ity  for  managing  about  132,000  networked  devices  at  87  locations. 
The  savings  are  the  result  of  a  60,000-hour  reduction  in  the  time 
required  for  managing  servers,  desktops  and  other  systems. 

At  the  heart  of  the  project  are  products  from  IBM  Tivoli  that  are 
being  used  with  other  vendors’  tools  to  automate  software  distribu¬ 
tions,  conduct  software  inventories,  update  security  patches  and 
track  licenses.The  IRS  system  —  which  Tivoli  calls  one  of  its  four  largest 
deployments  —  replaces  a  largely“sneakernet”system  in  which  a  team 

See  IRS,  page  16 


’s  refund  time 
agency’s  mas- 
management 


Lessons  from  leading  users 
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Intrusion  prevention 
to  highlight  RSA  show 


■  BY  ELLEN  MESSMER 

SAN  FRANCISCO  —  Attendees 
at  this  week’s  RSA  Conference 
will  get  a  good  look  at  an  emerg¬ 
ing  cluster  of  products  designed 
to  identify  attacks  and  block 
nefarious  traffic  before  it  can 
invade  corporate  networks. 

About  a  dozen  vendors,  includ¬ 
ing  Internet  Security  Systems 


(ISS)  and  IntruVert  Networks,  will 
introduce  intrusion-prevention 
systems  (IPS)  that  combine  the 
intelligence  of  intrusion-detec¬ 
tion  systems  (IDS)  and  attributes 
of  firewalls. 

With  the  market  so  young,  ven¬ 
dors  hope  these  new  IPS  wares 
will  help  win  over  business  cus¬ 
tomers  who  are  worried  about 

See  RSA,  page  9 


Page  35 

Test  Alliance  member  Barry  Nance  loads  up  five 
hacking  tools  and  launches  a  pre-emptive  strike  on  a 
Web  site  to  find  out  where  the  security  holes  are. 


■  BY  JOHN  COX 


You  have  a  wireless  LAN  with 
50  access  points. You  manage  it 
using  running  shoes,  bailing 
wire  and  spit.  Now,  a  host  of 
companies  say  they’ve  got  a 
solution  and  it  looks  a  lot  like 
something  you  already  use:  an 
Ethernet  switch. 

Two  start-ups,  Aruba  Networks 
and  Trapeze  Networks,  and  big 
fish  Extreme  Networks,  are 
rolling  out  switches  this  week 
that  secure  and  control  com¬ 
panion  WLAN  access  points, 
the  goal  being  to  extend  tradi¬ 
tional  network  control  to  the 
wireless  realm. 

By  shifting  intelligence  from 
access  points  back  to  the  switch, 
these  and  other  vendors  — 


■  Review:  We  tested 
eight  tools  that  detect 
rogue  wireless  access 
points.  See  results  on 
page  39. 


including 
Airespace,  which 
announced  a 
product  last 
week  (see  www. 
nwfusion.com, 

DocFinder:  5138) 

—  can  simplify 
wireless  deploy¬ 
ment  by  building 
in  support  for  security  radio  opti¬ 
mization  and  other  advanced 
management  tasks. 

While  Aruba,  Trapeze  and 
Airespace  are  hoping  the 
approach  will  help  them  make  a 
mark,  Extreme  simply  sees  the 
advance  as  the  evolution  of  its 
edge  device.  The  company  in¬ 
tends  to  treat  radio  waves  as  just 
another  medium,  like  copper  and 
fiber,  in  an  enterprise  network. 


Distinguishing 
between  the  products  is  still  dif¬ 
ficult  because  most  vendors  are 
just  starting  beta  tests  and  won’t 
ship  products  until  midyear.  But 
there  are  differences. 

Aruba’s  switch  has  up  to  72 
10/100M  bit/sec  Ethernet  ports  to 
connect  to  wireless  access 
points;  Extreme  has  48,  and 
See  Wireless,  page  53 


WHY  NOT  CUT  COSTS 
WITHOUT  CUTTING 
CORNERS? 

It's  simple,  really:  When  you  buy  commodity  hardware,  you  get  commodity 
features.  So  why  not  get  premium  features  for  the  same  price?  With  a  line 
of  powerful  servers  starting  at  just  $995,  Sun  proves  once  again  that  you 
can  lower  costs  and  complexity  without  compromising  quality. 

Sun  has  an  entire  family  of  servers  built  to  deliver  enterprise-level  performance 
and  reliability  at  highly  competitive  prices.  Which  means  that  for  the  cost  of 
an  alarmingly  mediocre  Wintel  box,  you  can  get  an  ultra-reliable  Sun  server 
ready  to  take  on  your  most  mission-critical  tasks.  From  CRM  applications  to 
e-mail  and  Web  serving.  With  this  kind  of  bang  for  the  buck,  it’s  no  wonder 
Sun  has  remained  the  UNIX®  server  leader  every  year  since  1998* 

So  go  ahead  and  ask  yourself:  Is  your  business  a  commodity  business?  Do 
you  aspire  to  deliver  parity  products  that  deliver  parity  returns?  Why  not  use 
Sun  servers  to  break  away  from  the  pack  once  and  for  all? 


To  find  out  more  about  how  Sun  servers  can  deliver 
state-of-the-art  technology  at  state-of-the-economy  prices, 
visit  SUN.COM/WHYNOT 


A 


microsystems 
We  make  the  net  work. 


SUN™ LX50  A  powerful  entry-level 
x86  server  that  runs  Sun  Linux  or 
Solaris’1*  Operating  Environment.  It’s  fully 
supported  by  Sun  and  priced  at  $2,795. 


SUN  FIRE  V480  A  winning  SPARC®/ 

Solaris  server  that  delivers  the  horsepower 
to  run  e-commerce,  OLTP,  supply  chain 
and  database  management  applications. 


•Source:  ID  Quarterly  ServerTracker,  February  2003.  Based  on  revenue  and  shipment  growth,  CY2002,  all  OSs. 

©2003  Sun  W  <  .  All  rights  reserved.  Sun,  Sun  Microsystems,  the  Sun  logo,  Sun  Fire,  Solaris  and  Sun  StorEdge  are  trademarks  or  registered  trademarks  of  Sun  Microsystems,  Inc.  in  the  United  States  and 

other  countri.  trademarks  are  used  under  license  and  are  trademarks  or  registered  trademarks  of  SPARC  International,  Inc.  in  the  United  States  and  other  countries.  Products  bearing  SPARC  trademarks 

are  based  01  a  developed  by  Sun  Microsystems,  Inc.  UNIX  is  a  registered  trademark  in  the  United  States  and  other  countries,  exclusively  licensed  through  X/Open  Company,  Ltd. 


SUN  FIRE ™  V1280  Enterprise-class  features 

and  aggressive  price  points,  so  you  can  lower 
the  cost  of  reliability. 


SUN  STOREDGE™  3510  sun  s  new 

Fibre  Channel  Array  with  enterprise-class 
features.  It’s  the  ideal  companion  to 
Sun’s  entry-level  and  workgroup  servers. 


SUN  FIRE  V880  Sun’s  best-selling 

server  for  departments  or  data  centers. 
With  more  standard  features,  there  are 
no  hidden  costs  and  no  surprises. 
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He  anticipates  hisHf$7its'  every  need.  He  expects  the  same.  And  that's 

T  iu 

just  what  happened  when  William's  credit  card  company  detected  a 
suspicious  charge.  Since  his  cell  phone  is  activated  on  the  network, 
the  bank  could  get  to  him  immediately  with  a  copy  of  the  transaction. 
The  charge  was  legit.  Yep,  he  was  spared  the  hassle  of  his  card 
refused  in  front  of  clients  at  the  clubhouse.  At  Nortel  Networks,  we 
call  this  "the  engaged  business  model"  And  we  make  it  possible 
by  enabling  business  to  engage  their  customers  through  delivering 
critical,  time-sensitive  information  on  whatever  device  they  prefer. 
Before  they  even  know  they  need  it.  So  businesses  can  win  the 
loyalty  necessary  to  build  a  solid  revenue  base.  Leveraging  solutions 
like  contact  centers  and  application-aware  switching.  Insuring  user 
mobility  and  network  continuity.  Accelerating  productivity  while 
lowering  costs.  The  results:  customers  like  William  become  customers 
for  life.  All  delivered  by  our  Enterprise  vision.  One  network.  A  world 
of  choice,  nortelnetworks.com/onenetwork 


NORTEL 

NETWORKS 


Nortel  Networks,  the  Nortel  Networks  logo  and  the  Globemark  are  trademarks  of  Nortel  Networks.  ©  2003  Nortel  Networks.  All  rights  reserved. 
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8  Storage  vendors  target  those  with  regulatory  burdens. 

8  Tivoli  users  discuss  realities  of  automation. 

12  Nortel  raises  voice-over-IP  security  flag  at  RSA  show. 

12  Liberty  turning  first  spec  over  to  OASIS, 
will  introduce  two  more. 

14  Router  newcomers  to  take  on  Cisco  and  Juniper. 
14  Novell  to  unveil  cross-platform  GroupWise  client. 
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Infrastructure 

■  17  Extreme  adds  switch  oomph. 

■  17  Sun  fills  server,  storage 
families  at  product  blowout. 

■  18  Kevin  Tolly:  Aggregating 
air:  Toward  optimizing  wireless. 

Enterprise 

Applications 


Technology  Update 

■  29  Artificial  intelligence  scopes 
out  spam. 

■  29  Steve  Blass:  Ask  Dr. 

Internet. 

■  30  Mark  Gibbs:  Windows 
registry. 

■  30  Keith  Shaw:  Coming 
soon  to  network  cameras. 


Be  the  hacker:  Ethical  hacking  of  your  own 
Web  site  can  reveal  problems  and  security  vulnerabili¬ 
ties  before  the  bad  guys  find  them.  Page  35. 

Review:  We  put  eight  wireless  LAN  protocol  ana¬ 
lyzers  to  the  test.  Page:  39. 

Tester’s  Choice:  Kenneth  Percy  delves  into 
the  true  meaning  of  99.999%  uptime.  Page  42. 


■  23  Siebel  Systems  guards  its 
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■  25  Nextel's  popular  Direct- 
Connect  feature  soon  to  be  imitated 
by  other  wireless  carriers. 


Opinions 

■  32  Editorial:  Top  security 
vendors  called  to  NYC  debate. 
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analysis  needs  a  reality  check. 
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Server-side  SSL  boosts  security. 
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ing  support. 
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the  poetry-wielding  spam  fighters. 


■  26  Johna  Till  Johnson: 

How  service  providers  might  get 
back  on  track. 

NetWorker 

■  27  Avoiding  Wi-Fi  surprises. 


Management 

Strategies 

■  43  Retaining  crucial  skills:  IT 
executives  look  to  preserve  main¬ 
frame  and  legacy  system  knowl¬ 
edge  as  employees  near  retirement. 


SMaL’s  Autobrite  technol¬ 
ogy  can  provide  better 
images  (below)  than  regu¬ 
lar  network  cameras 
(left). 
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Interactive 

Topic  notes 

Our  topic-specific  news  pages  now  not  only  have  the  latest  news  and 
research  you  need  on  your  interests,  but  they  also  now  feature  analysis 
and  commentary  from  our  editors  who  know  the  areas  best.  For 
instance,  see  why  Senior  Editor  John  Cox  thinks  you  should  keep  an  eye 
on  the  latest  802.11  working  group.  Other  topic  pages  featuring  reporter 
commentary  include  network/systems  management:  security:  collabora¬ 
tion:  NOSes  and  storage.  DocFinder  5128 

Forum:  Are  companies  ready  for  end-to-end 
wireless  LANs? 

Doug  Klein  of  Vernier  Networks  says  yes.  Merwyn  Andrade  of  Aruba 
Wireless  says  no.  Read  their  arguments,  then  jump  in  with  your 
thoughts  DocFinder:  5129 

Forum:  3Com  comes  back  to  the  enterprise 

Your  reactions  to  its  new  enterprise  emphasis.  Would  you  buy  3Com 
(Huawei)  gear?  DocFinder  5130 

Network  Encyclopedia 

Get  definitions  for  the  technologies,  hardware,  protocols,  standards  and 
more  behind  networking.  DocFinder  5142 
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When  only  a  librarian  will  do 

Fusion  Executive  Editor  Adam  Gaffin  wonders  whether  Google 
makes  reference  librarians  obsolete. 

DocFinder  5131 

Telework  Beat 

SARS  virus  spotlights  telework 

Net.Worker  Managing  Editor  Toni  Kistner  asks:  Can  your  firm 

function  when  employees  can't  get  to  the  office? 

DocFinder  5132 

Small  Business  Tech 

Knocking  NAS 

Columnist  James  Gaskin  shares  reader  frustration  with 
Linksys'  NAS  EFG80/. 

DocFinder  5133 

Digital  Domicile 

Could  coax  be  the  dark  horse? 

Columnist  Mike  Wolf  examines  several  companies  that  are 
gearing  up  to  offer  whole-home  networking  over  coaxial 
cabling. 

DocFinder  5134 
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WorldCom  name  going  away 

■  WorldCom  will  announce  this  week  that  it  is  ditching  its  tainted 
name,  which  has  become  synonymous  with  corporate  scandal 
and  accounting  fraud.  According  to  The  Washington  Post,  World¬ 
Com  will  adopt  the  moniker  of  its  long-distance  subsidiary,  MCI, 
which  has  been  a  household  name  among  consumers  for  about 
20  years.  In  addition  to  the  name  change,  WorldCom  is  expected 
to  announce  that  is  moving  its  corporate  headquarters  from 
Clinton,  Miss.,  to  a  facility  it  has  in  Ashburn,Va.  WorldCom  this 
week  also  is  expected  to  file  its  latest  reorganization  plan  with  the 
bankruptcy  court  overseeing  its  restructuring.  That  document  is 
supposed  to  include  a  three-year  blueprint  for  the  company  to 
return  to  profitability. 

Microsoft  releases  Greenwich  details 

■  Microsoft  has  dubbed  its  instant-messaging  product  Greenwich  the  Real-Time 
Communications  Server  2003,  Standard  Edition. The  company  said  the  server  would  be 
launched  this  fall  as  a  separate  product  and  not  part  of  Windows  Server  2003. The  ser¬ 
ver,  based  on  Session  Initiation  Protocol  and  SIP  for  Instant  Messaging  and  Presence 
Leveraging  Extensions  (SIMPLE)  standards,  was  originally  touted  as  a  feature  of  the  new 
operating  system,  which  ships  next  week.  The  company  did  not  announce  licensing 
terms,  but  did  say  a  subset  of  the  technology  namely  its  presence  awareness  capabili¬ 
ties  for  tracking  users  online,  would  be  offered  as  a  free  add-on  to  Windows  Server  2003. 
Microsoft  also  will  make  available  a  set  of  APIs  and  a  SIP  proxy  so  developers  can  build 
presence  directly  into  their  applications. 

Siebel  counters  reports  about  service 

■  CRM  software  maker  Siebel  Systems  went  on  the  offensive  last  week  in  an  effort 
to  quash  reports  that  its  customer  satisfaction  reviews  were  less  than  stellar.  The 
reports  stem  from  data  in  a  confidential,  Siebel-sponsored  survey,  which  the  com¬ 
pany  says  was  unlawfully  leaked. “Someone  has  taken,  selectively,  eight  pages  of  the 
75-page  report, clearly  marked  ‘confidential,’  and  over  the  past  month  systematically 
leaked  it  to  members  of  the  financial  community,  press  and  analyst  community” said 
Nitsa  Zuppas,  senior  director  of  public  relations  at  Siebel. “It  was  clearly  stolen  and 
leaked.lt  was  a  violation  of  the  law, and  we  have  the  FBI  looking  into  it. "The  software 
maker  didn’t  dispute  the  authenticity  of  the  leaked  data,  but  says  it  was  taken  out  of 
context.  “In  any  given  survey  what  we’ve  seen  is  a  couple  of  problem  areas,"  said 
Steve  Mankoff, senior  vice  president  of  technical  services  at  Siebel.  Mankoff  stressed 
that  overall,  Siebel’s  customer  satisfaction  scores  were  extremely  positive.  (Read 
more  about  Siebel,  page  23.) 

Ciena  acquires  WaveSmith 

■  Optical  network  vendor  Ciena  last  week  acquired  privately  held  multiservice  edge 
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The  GoodTheBad  Ugly 


Spam  and  war.  war 

time  opportunists  have  taken  to 
the  Internet,  firing  off  rounds  of 
spam  selling  items  such  as  American  flags,  T-shirts  and  gas  masks,  in  an  offensive 
that  is  filling  user  in-boxes,  a  new  study  says.  War-related  spam  accounted  for 
nearly  10%  of  all  spam  reviewed  by  e-mail  filter  company  SurfControl  by  the  end 
of  March,  compared  to  the  handful  of  war  spam  it  collected  at  the  beginning  of 
the  month,  according  to  the  IDG  News  Service. 


Nirvana  for  sports 

junkies.  Up-to-the-minute 
sports  scores  should  start  showing 
up  on  U.S.  cell  phone  screens 
within  the  next  month  as  services 
from  ESPN  go  live  on  wireless 
mobile  networks.  UlEvolution  will 
use  its  cross-platform  development 
environment  to  create  software 
for  delivering  ESPN  ring  tones  and 
the  company's  BottomLine  score 
ticker  to  programmable  mobile 
phones.  > 


®  In  need  of  a  CIO.  President  Bush's  former  cybersecurity  adviser, 
Richard  Clarke,  last  week  warned  a  House  of  Representatives  subcommittee  that 
the  federal  government  is  asking  for  trouble  if  it  doesn't  shore  up  its  network 
defense  strategy.  Among  other  things,  he  says  the  feds  need  a  CIO.  “Without 
such  an  official,  departments  will  continue  as  they  have  for  years,  vulnerable  to 
cyberintrusion  and  woefully  behind  in  the  deployment  of  modern  IT  security 
technology,"  he  said. 


switch  maker  WaveSmith  Networks  for  $158  million  in  stock.  Ciena  was  a  third-round 
investor  in  WaveSmith  and  distributed  the  company’s  products.The  acquisition  follows 
WaveSmith’s  recent  contract,  valued  at  $50  million  or  more  over  three  years,  to  supply 
SBC  with  multiservice  edge  switches  in  200  sites.  The  deal  helps  Ciena  tap  additional 
sources  of  revenue  as  sales  of  optical  network  gear  remain  sluggish  during  the  3-year- 
old  telecom  slump.  Citing  data  from  Infonetics  Research,  Ciena  says  the  worldwide 
multiservice  switch  market  addressed  by  WaveSmith’s  products  will  grow  from  approx¬ 
imately  $2.4  billion  in  2003  to  nearly  $4  billion  by  2006. 

Network  Associates  profits,  stock  price  take  a  hit 

■  Network  Associates  last  week  reported  a  quarterly  loss  of  $3.7  million  in  contrast  to  a 
profit  of  $15.8  million  for  the  same  period  last  year.  First-quarter  revenue  fell  to  $215.2 
million  from  $220.7  million.  Network  Associates’ CEO  George  Samenuk  told  analysts  on 
a  conference  call  that  the  company  saw  an  unexpected  fall-off  in  sales  at  the  end  of  the 
quarter.  Network  Associates  also  is  facing  government  inquiries  into  its  accounting 
methodology, and  is  sorting  out  its  financial  statements  for  1998  through  2000.The  news 
sent  Network  Associates’ stock  plunging  20%. 

INS  buys  Predictive  Systems 

■  Santa  Clara  consultancy  International  Network  Services  last  week  said  it  has  agreed 
to  acquire  security  consulting  firm  Predictive  Systems,  of  New  York,  in  a  stock  deal  worth 
approximately  $19.2  million.  After  the  acquisition,  INS  will  have  more  than  700  employ¬ 
ees  and  30  offices  in  the  U.S.  and  internationally.  David  Butze  will  continue  to  serve  as 
president  and  CEO  of  INS,  while  Andy  Zimmerman,  Predictive  Systems  CEO,  will  remain 
with  the  company  through  the  completion  of  the  transaction,  expected  to  close  at  the 
end  of  the  second  quarter. 


The  coming  battle 

Stefan  5  alia  writes  it's  inevitable  -  Microsoft  is  moving  to  enhance  its  search  tools 
and  site-  while  Google  is  increasingly  turning  into  a  "knowledge  operating  system." 

Read  more  of  Compendium  at  www.nwfusion.com, 

DocFinder:  til  40. 


Netgear  readies  to  launch  IPO 

■  Netgear,  which  produces  a  range  of  products  for  the  small-office/home-office  market, 
including  Ethernet,  broadband  and  wireless  gear,  last  week  filed  its  intention  to  launch 
a  $115  million  IPO. The  Santa  Clara  company  plans  to  trade  on  the  Nasdaq  under  the 
ticker  symbol  NTGR. 
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Storage  vendors  extend  their  reach 


■  BY  DENI  CONNOR 

PHOENIX  —  Interoperability  and  man¬ 
ageability  of  data  storage  will  be  the  pri¬ 
mary  focus  of  products  that  Network  Ap¬ 
pliance,  Hitachi  Data  Systems,  Cisco  and 
others  introduce  this  week  at  Storage 
Networking  World. 

Among  the  announcements  expected: 

•  Network  Appliance  will  launch  a  ver¬ 
sion  of  its  NearStore  disk-based  back-up 
appliance  that  can  be  used  to  inter¬ 
changeably  store  data  that  must  be 
archived  and  readily  available  to  meet 
government  regulations,  or  back  up  non- 
regulated  archival  data. 

•  Cisco  will  release  modules  for  its  7200 
Series  routers,  Fibre  Channel  director-level 
switches  and  IP  storage  router  that  let  users 
extend  the  reach  of  storage-area  networks 
(SAN)  across  a  WAN. 


•  Hitachi  and  Network  Appliance  will 
announce  a  network-attached  storage 
gateway  —  the  first  NAS  for  Hitachi  — 
that  lets  network  users  access  data  con¬ 
tained  on  their  SANs  via  a  Network 
Appliance  file  server. 

•  CNT,  which  acquired  director-level 
switch  vendor  Inrange  Technologies  last 
week  for  $190  million,  will  roll  out  a  version 
of  its  mainframe-based,  director-level 
switch  for  Unix  and  Windows  networks,  let¬ 
ting  users  intermix  SAN  data  from  both 
environments. 

•  Microsoft  and  Nishan  Systems  will 
introduce  a  protocol  service  that  lets 
management  software  running  on 
Windows  2003  discover  devices  on  a  SAN 
or  IP  storage  (iSCSI  or  Fibre  Channel  over 
IP)  network. 

Network  Appliance’s  NearStore  array 
now  will  support  retention  of  regulated 


The  SN  5428-2  has  been  enhanced  with  Fibre 
Channel  over  IP  capability  to  link  SANs 
together  over  geographic  distances. 


data,  such  as  that  found  in  financial, 
healthcare,  government  and  pharmaceuti¬ 
cal  businesses,  in  addition  to  the  back-up 
data  it  traditionally  has  stored.  NearStore 
incorporates  SnapLock’s  software  that  has 
write  once  read  many  times  (WORM) 
capabilities,  which  will  let  it  store  e-mail, 
transaction  records  and  medical  images, 
which  need  to  be  retained  unaltered  and 
accessible  for  long  periods  of  time. 

“The  Network  Appliance  announcement 


is  very  important  for  the  marketplace 
because  it  is  a  major  vendor  providing  a 
solution  that  helps  companies  that  have 
regulated  and  nonregulated  business  bet¬ 
ter  manage  and  develop  life-cycle  capabili¬ 
ties  for  specific  data  types,”  says  Tony 
Prigmore,  a  senior  analyst  with  Enterprise 
Storage  Group.  “In  some  regulated  busi¬ 
nesses,  there  is  no  question  that  what 
Network  Appliance  is  doing  will  be  viewed 
as  an  excellent,  easy-to-manage  addition  to 
customers’  current  Network  Appliance 
infrastructures  without  adding  incremental 
equipment.” 

WORM  drives  and  tapes  have  long  been 
available  for  storing  regulated  data.  But  they 
are  slow  to  access,  less  reliable  and  more 
expensive  than  storage  arrays  from  Network 
Appliance,  EMC  or  StorageTek,  which  use 
Advanced  Technology  Attachment  drives, 
experts  say 

Cisco  will  introduce  a  variety  of  products 
intended  to  link  SAN  islands  and  provide 
any-to-any  device  access  to  storage.  The 
company  will  roll  out  the  MDS  9000  IP 
Storage  Services  Module,  a  Fibre  Channel 
over  IP  port  (FCIP)  adapter  for  the  Cisco 
7200  and  7400  Routers,  a  new  version  of 
the  SN  5428  Storage  Router  coarse  wave¬ 
length  division  multiplexing  (CWDM) 
small-form-factor  pluggable  modules  for  its 
Storage  Networking  product. 

The  IP  Storage  Services  Module  is  a  dual¬ 
function  FCIP  and  iSCSI  blade  for  Cisco’s 
MDS  9000  Fibre  Channel  director,  which 
lets  SANs  be  linked  across  a  WAN  and 
servers  on  the  network  have  access  to  SAN 
storage.  The  FCIP  port  adapter  gives  the 
Cisco  7200  and  7400  Routers  the  ability  to 
link  SANs  over  distance.  FCIP  capability 
also  has  been  added  to  the  SN  5428-2 
Storage  Router.  CWDM  SFPs  can  be  added 
to  the  MDS  9509,  which  will  let  it  attach  to  a 
CWDM  multiplexer  and  use  point-to-point 
Fibre  Channel  links  to  support  data  traffic. 

Hitachi  and  Network  Appliance  will  an¬ 
nounce  a  gateway  called  the  HDS  NetApp 
Enterprise  NAS  Gateway  that  lets  customers 
consolidate  separate  NAS,  SAN  and  direct- 
attached  storage  devices  into  a  common 
storage  pool  that  can  be  managed  from 
Hitachi’s  HiCommand  interface.  “Custom¬ 
ers  are  tired  of  uncooperative  vendors,  and 
anytime  they  see  two  vendors  behaving  in 
a  cooperative  way  it  gives  them  comfort 
about  overall  storage,”  Prigmore  says. 

The  Enterprise  NAS  Gateway  consists  of  a 
Network  Appliance  FAS900  filer  attached  to 
a  Hitachi  Freedom  Storage  Lightning  9900a 
or  9500  V  Series  array  directly  or  via  a  Fibre 
Channel  switch.  It  comes  in  three  models 
—  the  GF940,  GF960  and  the  GF825  — 
which  make  as  much  as  48  terabytes  of 
data  available.The  GF940  and  960  are  avail¬ 
able  now;  the  GF825  is  expected  to  be  avail¬ 
able  in  June. 

Network  Appliance  and  Bus-Tech  will 
launch  a  software  and  hardware  bundle 

See  Storage,  page  9 


Tivoli  users  discuss  automation 


■  BY  DENISE  DUBIE 

NEW  ORLEANS  —  Several  executives  at  Planet  Tivoli  and 
DeveloperWorks  Live  detailed  how  they  are  taking  baby  steps 
toward  deploying  automation  across  key  networks,  systems  and 
applications. 

The  show,  which  had  approximately  3,000  atten¬ 
dees,  focused  on  automation  —  in  particular  IBM’s 
On  Demand  computing  technology,  which  promises 
to  provision,  administer  and  manage  network 
resources  as  needed.  Part  vision  and  part  reality  at 
this  point,  On  Demand  will  comprise  products  and 
services,  including  IBM  autonomic  computing  tech¬ 
nology  to  let  networks  and  applications  self-heal, self¬ 
protect  and  self-manage. 

“Some  of  [On  Demand]  has  yet  to  bear  fruit,  but  it’s 
a  process  of  building  immunity  into  our  systems  so 
they  can  detect  when  something  may  go  wrong,” 
says  Brian  Lock,  vice  president  of  technology  and 
architectural  services  at  MasterCard’s  technology 
headquarters  in  St.  Louis. “Ideally,  a  problem  would 
never  surface.” 

MasterCard  uses  several  products  from  Tivoli,  including  soft¬ 
ware  to  automate  workload  scheduling,  monitor  distributed  sys¬ 
tems,  and  manage  storage  and  configurations.  Lock  is  in  the 
process  of  rolling  out  Tivoli  Web  Services  Analyzer  and  Web 
Services  Manager  to  get  more  data  on  how  his  infrastructure  and 
applications  work  with  MasterCard  customers,  banks  and  credit 
organizations  that  approve  and  administer  credit  accounts. 

Lock  says  MasterCard  will  continue  to  update  applications  and 
online  services  along  the  lines  of  IBM’s  On  Demand  strategy  to 
ensure  “customers  don’t  even  think  there’s  a  way  to  do  [the  ser¬ 
vice]  with  someone  other  than  MasterCard.  It’s  a  competitive 
advantage." 

Val  King,  manager  of  IS  security  and  recovery  at  the  Canadian 
Pacific  Railway  in  Calgary,  Alberta,  recently  deployed  Tivoli 
Identity  Manager  software  to  manage  user  ID  and  password 
changes.  He  says  the  pilot  deployment  to  120  users  delivered  a 
20°  to  30%  reduction  in  help  desk  calls.  King  say  he  will  roll  out 
the  automated  password  self-service  application  to  between 
6,000  and  9,000  users  next  month. 

“We  took  a  process  that  involved  several  people  and  could 


take  up  to  a  week,  and  made  it  a  simple, self-service  process  that 
can  take  minutes,”  King  says.  To  get  the  software  to  take  auto¬ 
matic  action,  King  input  the  manual  process  to  change  pass¬ 
words  into  Identity  Manager.  The  software  follows  the  same 
process  as  a  manual  operator  would,  King  says.  Incorporating 
automation  into  management  processes  does  not 
put  security  at  risk,  he  adds. 

“We  didn’t  put  something  in  place  to  make  deci¬ 
sions  on  security  We  just  reduced  the  number  of 
people  performing  penetration  tests  and  vulnerabil¬ 
ity  scans  from  seven  to  one,”  King  says.“Human  eyes 
are  still  always  watching  that  console  to  ensure  the 
process  is  flowing  appropriately’ 

But  King  says  automated  password  management  is 
a  simple,  redundant  task  that  takes  time  and  skills 
away  from  other  more  challenging  security  projects. 
King  also  will  automate  archiving  of  security  event 
logs  generated  by  firewalls,  another  time-consum¬ 
ing,  repetitive  task. 

If  the  management  software  detects  a  potential 
intruder  or  vulnerability,  it  automatically  will  alert  a 
security  manager  to  determine  what  the  next  action 
should  be.“We  might  shut  down  a  server  to  prevent  a  virus  from 
spreading,  but  there  are  trust  hurdles  with  security’  King  says. 

Glen  Barry,  systems  analysis  technical  manager  at  UPS  in 
Atlanta,  says  by  using  Tivoli  Identity  and  Access  Manager,  the 
company  reduced  the  number  of  people  managing  passwords 
from  10  to  one.  And  Barry  says  now  those  nine  IT  staffers  could 
be  reallocated  to  work  on  UPS’  effort  to  build  business  processes 
into  its  Tivoli  software,  which  could  let  the  infrastructure  respond 
according  to  business  needs. 

“It’s  new  for  us  to  link  IT  to  business  process  models,  but  we’re 
looking  at  it  as  an  evolving  process  to  create  that  environment,” 
Barry  says.  “We  anticipate  putting  some  work  into  creating  that 
type  of  seamless  environment.” 

Despite  the  upfront  work,  On  Demand  computing  will  become 
a  necessity  for  enterprise  data  centers,  says  Herb  Van  Hook,  an 
analyst  with  Meta  Group.  While  IBM’s  goal  of  a  self-managing 
intelligent  infrastructure  could  seem  lofty  today,  Van  Hook  says 
management  practices  of  the  past  don’t  make  sense  anymore. 

“The  overprovisioning  and  overstaffing  model  won’t  be  accept¬ 
ed,”  he  says.“The  demands  will  outweigh  what  people  can  do.”  ■ 


Automation  could  help 
UPS  boost  business 
processes,  says  Glen 
Barry,  systems  analysis 
technical  manager. 
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that  lets  Bustech’s  Mainframe  Appliance 
for  Storage  back  up  mainframe  data  on  the 
NearStore  appliance  rather  than  on  legacy 
IBM  tape  drives  or  storage  arrays  from 
EMC,HP1BM  or  Hitachi. 

CNT  will  launch  an  enhanced  version  of 
its  UltraNet  Storage  Director  that  adds 
Fibre  Channel,  Gigabit  Ethernet  and  OC-12 
ATM/Packet-over-SONET  capability  to  the 
switches’  Enterprise  Systems  Connection 
capability  This  will  let  users  mirror,  repli¬ 
cate  or  copy  data  from  any  storage  array 
attached  to  a  Windows,  Linux  or  Unix 
server  to  any  other  array  located  across  a 
geographic  distance. 

Microsoft  and  Nishan  also  are  announc¬ 
ing  that  the  Internet  Storage  Name  Service 
(iSNS)  will  be  incorporated  into  Windows 
2003.The  iSNS  management  protocol  is  an 
IETF  proposed  standard  for  discovering 
devices  in  SANs  and  IP  storage  networks, 
where  devices  might  prove  impossible  to 
discover  via  standard  polling  methods 
because  there  could  be  as  many  as  15.5 
million  addresses  to  manage.  Cisco,  IBM, 
Nishan,  Nortel  and  others  support  iSNS.N 
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the  accuracy  and  perfor¬ 
mance  of  new  technology, 
and  nervous  about  the  relia¬ 
bility  of  running  antivirus 
and  content-filtering  on  a 
single  appliance. 

ISS  this  week  will  seek 
to  ease  those  fears  with  IPS 
gear  called  Proventia. 

By  the  end  of  the  summer, 
ISS  plans  to  have  two  in-line 
IPS  appliances  that  will  run 
at  800M  bit/sec  and  gigabit 
speed,  respectively  to  block 
harmful  traffic  at  the  net¬ 
work  perimeter  or  in  the 
data  center. 

“Customers  will  be  able  to 
choose  what  actions  to  take, 
to  block  or  detect,”  says  Tim 
McCormack,  ISS  vice  presi¬ 
dent  of  marketing.  ISS  has  not 
built  hardware  appliances 
until  now,  and  the  Proventia 
line  will  be  appliance-based 
for  speed  and  ease  of  deploy¬ 


r - - - - ' 

A  flurry  of  activity 

Here’s  a  sampling  of  announcements  planned  for  the  RSA 
Conference  2003: 

Foundstone 

Enterprise  Risk  Solutions  for 
vulnerability  assessment,  patch 
remediation  and  work-flow- 
based  tracking  by  prioritization. 

$15,000 

IM  Logic 

IM  Manager  5.0  with  anti¬ 
spam/content  filtering. 

$15,000 

Tripwire 

Tripwire  for  Servers  4.0  data- 
integrity  software,  which 
protects  against  tampering. 

$600 

VeriSign 

Trust  gateway  proxy  forWeb 
services  security. 

Not  available 

Zone  Labs 

Integrity  2.2  policy  enforcement/ 
firewall  software. 

$8,000 

Citadel, 
GuardedNet, 
NetContinuum, 
SPI  Dynamics, 
Teros 

Group  of  vendors  backing  a 
new  XML  standard  called 
Application  Vulnerability 
Description  Language. 

■>  >*  .}  ' 

Not  applicable 

t®  ■  js  S8  TT' 

ment,  he  says. 

ISS  will  showcase  four 
models  of  its  traditional  IDS, 
RealSecure,  in  the  Proventia 
appliance  form.  Model  A201, 
at  $10,000,  is  a  200M  bit/sec 
IDS;  Model  A604,  at  $28,000, 
reaches  600M  bit/sec;  and 
Model  A 1204,  at  $50,000 
attains  1.2G  bit/sec,  the  com¬ 
pany  says.  These  appliances 
are  designed  for  use  in  load¬ 
balancing  and  full-duplex 
environments. 

Some  see  the  inline  IPS  as 
the  next-generation  firewall, 
so  perhaps  it  should  be  no 
surprise  that  by  year-end  ISS 
will  introduce  a  Proventia 
IPS  appliance  intended  to  re¬ 
place  the  firewall,  McCor¬ 
mack  says.  The  appliance 
would  combine  the  firewall’s 
packet-filtering  and  stateful- 
inspection  capabilities.  It 
also  would  combine  anti¬ 
virus,  spam  control  and  con¬ 
tent  filtering.  For  antivirus 
See  RSA,  page  12 


FINALLY.  BUSINESS  SOLUTIONS  THAT 
WORK  WITH  EXISTING  TECHNOLOGIES 

AND  NONEXISTENT  BUDGETS. 


You  need  to  get  more  out  of  what  you  have.  We  have  just  the  thing:  solutions  based  on  our  open  technology  platform,  SAP  NetWeaver. 
Because  it’s  preconfigured  to  work  with  your  current  IT  investments  —  and  it’s  fully  operable  with  .NET  and  J2EE  —  SAP  NetWeaver  reduces  the 
need  for  custom  integration.  That  lowers  your  total  cost  of  ownership  for  your  entire  IT  landscape  and  gets  you  quicker  ROI  Everything  a  CIO 
wants  (and  a  CFO  didn’t  think  was  possible).  Visit  sap.com/open  or  call  800  880  1727  for  details. 

THE  BEST-RUN  BUSINESSES  RUN  SAP 


©2003  SAP  AG.  SAP  and  the  SAP  logo  are  registered  trademarks  of  SAP  AG  in  Germany  and  several  other  countries.  Other  product  or  service  names  mentioned  herein  are  the  trademarks  of  their  respective  owners. 
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Under  attack  from  hackers) 


Received  virus-infected  macro 


Forgot  password 


Managing  desktop  security  can  be  challenging. 
That’s  why  there’s  Windows  XP  and  Office  XP. 


Recognize  any  of  those  issues?  Or,  perhaps,  all  of  them? 
We  thought  so.  Many  of  these  issues  can  be  related  to  your 
legacy  desktop  software;  fortunately,  many  of  them  can  be 
addressed  by  features  in  Microsoft'  Windows®  XP  Professional 
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Needs  access  to  HR,  not  accounting 


Wants  to  encrypt  a  memo 


Wants  to  encrypt  everything 
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and  Microsoft  Office  XP  Professional.  Want  specific  examples? 
The  Group  Policy  feature  in  Windows  XP  Professional  lets 
you  define  related  user  groups  and  then  easily  assign  security 
settings  to  the  group  as  a  whole.  Office  XP  Professional 


offers  Macro  Virus  Protection,  which  lets  you  easily  configure 
applications  to  help  prevent  users  from  running  the  macro 
attachments  that  most  viruses  use.  Want  more  reasons  to 
upgrade?  Visit  microsoft.com/desktop 
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and  spam  filtering,  ISS  will  partner 
with  other  vendors,  which  it  hasn’t 
disclosed. 

With  its  strategy  ISS  now  goes 
head  to  head  with  Network  As¬ 
sociates,  the  antivirus  and  security 
appliance  vendor  that  was  once 
an  ally  Network  Associates  drop¬ 
ped  ISS  as  a  technology  partner 
earlier  this  year  and  bought  two 
security  companies,  IntruVert  and 
Entercept  Technologies,  which 
sell  network-based  and  host- 
based  IPS  products,  respectively 

IntruVert  this  week  will  roll  out 
the  latest  version  of  its  IntruShield 
IDS  System  1.5.  The  in-line  appli¬ 
ance  now  supports  a  stateful  fail¬ 
over  mode  that  makes  it  possible 
to  link  two  IntruVert  appliances 
so  that  the  second  will  take  over  if 
the  first  fails,  says  Raj  Dhingra, 
vice  president  of  marketing. 

IntruShield,  which  starts  at 
$35,000,  can  be  used  in  mixed 
mode  to  passively  monitor  and 
actively  block  traffic  so  cus¬ 
tomers  don’t  have  to  take  an  all- 
or-nothing  approach  on  block¬ 
ing.  This  version  also  adds  a  way 
to  analyze  whether  or  not  an 
attack  was  successful  against  a 
target  machine. 

Dhingra  acknowledges  that  cus¬ 
tomers  seldom  use  active  block¬ 
ing  right  away  but  expand  use  as 
they  become  comfortable  that 
the  IDS  is  accurate  and  won’t  stop 
legitimate  traffic  by  mistake. 

Whether  or  not  IPSs  will  win 


over  IDSs  and/or  firewalls  as 
ways  of  protecting  corporate 
assets  remains  unclear.  One 
IntruVert  customer,  HomeBanc 
Mortgage  of  Atlanta,  automatical¬ 
ly  has  blocked  some  types  of  sus¬ 
picious  traffic  against  Web 
servers,  including  denial  of  ser¬ 
vice,  but  uses  a  traditional  pas¬ 
sive-monitoring  IDS  to  keep  an 
eye  on  what’s  going  on  inside  the 
corporate  network. 

“There’s  a  time  and  place  for 
everything,”  says  Andrew  Berk- 
uta,  network  and  physical  secur¬ 
ity  manager  at  HomeBanc  Mort¬ 
gage.  “We  still  have  intrusion 
detection.  And  each  and  every 
day  I  look  at  my  reports.”  He  says 
he  views  the  company’s  firewall 
as  the  first  line  of  defense. 

Berkuta  says  his  staff  tests  block¬ 
ing  technologies  using  the  Intru¬ 
Vert  equipment  before  any  pro¬ 
duction  use  to  understand  the 
effects.  So  far,  though,  the  com¬ 
pany  has  found  no  problems  with 
actively  blocking  through  IPS. 

Several  other  vendors  also  are 
using  the  RSA  conference  as  their 
stage  for  new  IDS  or  IPS  products. 

•  Lancope  will  unveil  the  third 
version  of  its  $20,000  Stealth- 
Watch  IDS  appliance,  adding 
graphic  visualization  of  traffic 
and  a  way  to  establish  different 
IDS  monitoring  policies  for  differ¬ 
ent  LAN  segments  through  logi¬ 
cal  groups. In  the  next  six  months, 
Lancope  expects  to  have  a  ver¬ 
sion  of  Stealth  Watch  that  will  do 
active  blocking  as  well. 

•  NetScreen  Technologies  will 


Nortel  raises  VoIP  security  flag  at  RSA  show 


Nortel  this  week  will  use  the  RSA  show  to 
roll  out  product  enhancements  designed  to 
help  lock  down  IP  telephony  networks. 
Nortel  is  addressing  concerns  about  IP  PBX 
server  viruses  and  other  voice-over-IP  (VoIP) 
vulnerabilities  with  a  set  of  enhancements  to  its 
IP  PBX  and  Meridian  PBX  products.  Also  being 
added  is  support  for  VoIP  protocols  on  firewalls 
and  other  gear. 

As  part  of  Nortel's  Secure  Telephony  Solution 
initiative,  the  server  operating  systems  on  all 
Succession  CSE  1000  and  CSE  MX  IP  PBXs 
now  will  be  preconfigured  with  certain  services 
and  applications  disabled  that  could  be  exploit¬ 
ed  during  a  security  breach.  Among  these  are 
FTP  servers  or  SNMP  on  Windows-  or  Sun- 
based  systems. 

Nortel  has  added  support  for  H.323  and  Ses¬ 


sion  Initiation  Protocol  (SIP)  to  the  stateful 
firewall  functions  of  its  Contivity  Secure  IP 
Services  Gateway,  a  VPN/firewali  box.  Support 
for  H.323  and  SIP  have  been  added  to  the 
Business  Communication  Manager  devices,  a 
branch-office  IP  PBX,  router  and  security 
appliance. 

The  company  says  it  also  is  working  more 
actively  to  identify  security  loopholes  in  hybrid 
IP/TDM  environments,  where  PBX  and  IP  serv¬ 
er  equipment,  such  as  Nortel’s  SIP-based  CSE 
MX  and  unified  communication  server,  are 
linked.  This  work  includes  adding  encryption  on 
interfaces  between  PBX  and  IP  servers,  and 
“hardening”  the  Meridian  1  PBX  operating  sys¬ 
tem  to  prevent  breaches  such  as  toll  fraud  or 
unauthorized  configuration  changes. 

—  Phil  Hochmuth 


expand  its  intrusion  detection 
and  prevention  product  line  with 
the  introduction  of  NetScreen-IDP 
10,  a  20M  bit/sec  appliance  for 
protecting  remote  offices  or  small 
businesses.  Shipping  this  week,  it 
costs  $8,000.  In  addition,  Net- 
Screen  has  added  monitoring  or 
blocking  of  all  instant-messaging 
formats  and  peer-to-peer  file-shar¬ 
ing,  which  can  cut  into  business 
productivity  or  introduce  viruses. 

•  Arbor  Networks,  which  until 
now  has  focused  solely  on 
equipment  to  prevent  distrib¬ 
uted  denial-of-service  attacks, 
will  unveil  PeakFlow  X,a  $50,000 
appliance  to  be  installed  inside 


a  corporate  network  at  critical 
LAN  points  to  monitor  traffic 
based  on  “learning”  usage.  The 
intent  is  to  determine  events  that 
might  constitute  unauthorized 
network  use,  according  to  Ted 
Julian,  Arbor’s  CEO.  He  says  Peak- 
Flow  X  “learns”  what’s  normal 
traffic,  unlike  the  approach  that  a 
traditional  IDS  uses  of  checking 
for  signatures,  so  customers 
should  experience  far  fewer 
false  alerts  with  PeakFlow  X. 

•  Symantec  will  team  with  Sun 
to  introduce  the  iForce  IDS  appli¬ 
ance,  the  hardware-based  ver¬ 
sion  of  Symantec’s  ManHunt  IDS 
encased  in  the  Intel-based  So- 


Liberty  turning  first  spec  over  to  OASIS;  will  introduce  two  more 


The  Liberty  Alliance  this  week  for  the 
first  time  will  turn  over  part  of  its 
work  to  a  standards  group  and  will 
release  two  new  draft  specifications  as 
part  of  its  revamped  architecture  for  cre¬ 
ating  open  network  identity  specifications. 

The  group  will  announce  at  this  week’s 
RSA  Conference  that  the  first  phase  of  its 
work  will  be  turned  over  to  the  Organi¬ 
zation  for  the  Advancement  of  Structured 
Information  Standards  (OASIS).  The  first 
phase,  which  was  renamed  Identity  Feder¬ 
ation  Framework  in  March,  is  basically 
Liberty's  Version  1.1  specification  that  out¬ 
lines  single  sign-on  and  account  sharing 
between  partners  with  established  trust 
relationships. 

The  Liberty  move  could  be  a  reaction  to 
IBM  and  Microsoft,  which  are  not  Liberty 
members  but  are  trying  to  create  their 
own  identity  framework  as  part  of  WS- 
Security,  an  evolving  Web  services  stan¬ 
dard  they  created  and  submitted  to 


OASIS.  Microsoft  also  is  creating  a  feder¬ 
ated  identity  framework  around  its 
Passport  technology. 

“It  is  significant  that  Liberty  is  ready  to 
open  up  to  a  wider  world  than  its  own 
group,"  says  Prateek  Mishra,  co-chair  of 
the  Security  Services  technical  committee 
at  OASIS  and  director  of  technology  and 
architecture  at  Netegrity,  a  Liberty 
Alliance  member. 

Liberty's  Version  1.1  specification  will 
become  a  foundation  document  to  help 
create  Version  2  of  OASIS’s  Security 
Assertion  Markup  Language  (SAML), 
according  to  sources.  SAML  is  a  standard 
for  exchanging  authentication  and  autho¬ 
rization  information  that  Version  1.1  incor¬ 
porates  and  extends. 

Handing  over  Version  1.1  to  OASIS  is  a 
milestone  because  Liberty  previously  has 
referred  to  itself  as  a  de  facto  standards 
organization. 

Draft  specifications  for  Liberty’s  second 


and  third  phases  of  work,  which  now  incor¬ 
porate  WS-Security,  also  will  be  intro¬ 
duced  at  RSA. 

The  second  phase,  called  Identity  Web 
Services  Framework  (ID-WSF),  will  let 
islands  of  trusted  partners  link  to  other 
islands  of  trusted  partners  and  provide 
users  with  the  ability  to  control  how  their 
identity  information  is  shared.  Phase  3, 
called  Identity  Services  Interface 
Specifications  (ID-SIS),  will  build  services 
on  top  of  ID-WSF. 

The  hope  is  that  ID-WSF  and  ID-SIS  will 
eventually  extend  SAML  2.0  to  create  a 
single  standards-based  environment  for 
federated  identity  and  sharing  of  identity 
credentials. 

Liberty  also  plans  an  interoperability 
demonstration  at  RSA  with  18  vendors 
that  have  implemented  Version  1.1, 
including  Novell,  Sun,  Ericsson  and 
Communicator. 

—  John  Fontana 


laris  LX50  Server. 

RSA  Security,  the  vendor  that 
organizes  the  annual  security 
conference,  will  use  its  event  to 
talk  about  a  revamp  of  its  prod¬ 
uct  line  slated  for  the  next  12  to 
16  months.  The  company’s  RSA 
SecurlD  tokens,  the  Web-access 
management  product  Clear- 
Trust,  and  the  Keon  public-key 
infrastructure  product  all  will 
use  common  middleware  in  the 
future,  says  Art  Coviello,  presi¬ 
dent  of  RSA. 

Among  the  advantages  of  what 
RSA  calls  its  Nexus  identity  and 
access  management  strategy  is 
that  “it’s  going  to  eliminate  a  lot 
of  separate  servers  required  by 
the  RSA  product  line  todayf  Co¬ 
viello  says. 

He  adds  that  industry  specifica¬ 
tions  such  as  the  Liberty  Alliance 
Security  Assertions  Markup  Lan¬ 
guage  and  XML  standards  from 
the  Organization  for  the  Ad¬ 
vancement  of  Structured  Infor¬ 
mation  Standards  will  be  key  to 
defining  how  identity-based  in¬ 
formation  is  shared  securely 
among  applications.  ■ 


More  online! 

Firewalling  and  antivirus  protection  are  a 
good  start.  But  you  need  to  do  more. 
Joel  Snyder  joins  the  leading  security 
companies  to  show  you  how  to  protect 
your  entire  company. 
DocFinder  5139 
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" Our  sights  are  set  on  corporate 

growth.  We  need  to  move  fast 

, 

to  stay  competitive. 


M y  IT  department  can  barely  keep 
their  heads  above  water  with  the 
day  to  day  issues,  let  alone  have 
time  to  research  new  system  options. 


I'm  willing  to  invest  in  the  education 
of  today's  technology  if  the  return 
improves  our  productivity  and 
bottom  line  results.  " 


The  Information  and  Communications  Technology  (ICT) 
Conference  and  Tradeshow  -  strictly  business  to  business. 


t  ir+% 


CeBIT 

June  18-20,  2003 
Jacob  K.  Javits  Center 
New  York  City 


CeBIT  America's  3-day,  enterprise  only  Conference  and 
Tradeshow  provide  direct  access  to  the  world's  systems,  applications, 
communications  and  networking  leaders,  in  one  place,  at  one  time. 

If  you're  charged  with  integrating  technologies  and  applications  to 
meet  your  organization's  business  objectives,  then  we'll  see  you  at 
CeBIT  America  -  Where  the  World  Turns  for  ICT  Solutions. 

Register  Now!  Visit  www.cebit-america.com/info21  to  register  with  priority 
code  MAR3  and  view  our  online  brochure,  or  give  us  a  call,  212-465-0531. 


Some  of  our  participating  partners:  Builder.com  •  Business  Council  for  the  United  Nations  •  CNET  News.com  •  Computerworld  •  Gartner  • 
Information  Technology  Association  of  America  •  MultiMeteor  •  Network  World  •  New  York  eComm  •  Novell  Best  of  BrainShare  • 
Oracle  •  Tech  Corps  •  TechRepublic  •  Wall  Street  Journal  •  Wall  Street  Technology  Association  •  ZDNet 
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outer  newcomers  take  on  Cisco,  Juniper 

Procket,  Caspian  push  megarouters  that  offer  increased  stability,  reliability,  capacity. 


■  BY  JIM  DUFFY 

With  their  souped-up  engines 
and  buckets  of  cash,  two  new 
router  players  debuted  their  prod¬ 
uct  plans  last  week  in  an  effort  to 
break  the  two-headed  tyranny  of 
Cisco  and  Juniper. 

Procket  Networks  and  Caspian 
Networks  officials  say  they  can 
sway  service  providers  now 
beholden  to  Cisco  and  Juniper  to 
their  own  IP  core  routers,  built 
from  the  ground  up  to  accommo¬ 


date  the  millions  of  hosts  and 
astounding  Internet  growth. 

They  say  their  megarouters  will 
bring  a  heretofore-unattainable 
level  of  stability  and  reliability  to 
IP  services  such  that  companies 
mulling  a  managed  VPN,  voice- 
over-IP  or  storage  service  might 
now  be  ready  to  purchase. 

Procket,  which  has  managed  to 
keep  its  product  plans  under 
cover  despite  raising  close  to 
$300  million  in  funding  over  four 
years,  unveiled  programmable 


Novell  to  unveil 
cross-platform 
GroupWise  client 


No.  3 

GroupWise,  with  34 
million  users,  has  a 

10% 

market  share,  trailing 
Microsoft  Exchange 
and  Lotus  Notes. 


■  BY  DENI  CONNOR 

SALT  LAKE  CITY  —  Novell 
this  week  is  expected  to  intro¬ 
duce  a  cross-platform  client  for 
its  GroupWise  collaborative 
messaging  environment  at  the 
company’s  annual  Brainshare 
user  conference. 

The  client  software,  which 
would  let  users  access  Group- 
Wise  from  Linux,  Macintosh, 

Solaris  or  Unix  desktops,  will 
further  expand  Novell’s  reach 
beyond  Windows-based  com¬ 
puters,  sources  say.  Novell 
declined  to  comment. The  soft¬ 
ware  is  based  on  software  from 
Newcomp  Computer  Systems 
GmbH  (N-iX),a  NetWare  devel¬ 
opment  company  in  Germany 
that  Novell  has  partnered  with 
in  the  past. 

Although  Novell  has  had  a 
Web  Access  client  for  Group- 

Wise  that  lets  Linux  and  Macintosh  users  access  e-mail  from  a  browser, 
it  is  slower  and  has  fewer  features  than  a  dedicated  client. 

Otis  Lamar,  systems  administrator  for  the  Jefferson  County  govern¬ 
ment  in  Golden,  Colo.,  is  migrating  his  Windows-based  desktops  to 
Linux  and  has  used  the  N-iX  client  with  his  GroupWise  6  installation. 

It  accesses  GroupWise  through  the  Web  Access  client,”Lamarsays.“To 
the  user,  it  looks  like  just  another  application  running  on  the  desktop, 
but  behind  the  scenes  it  connects  to  the  Web  Access  interface.  Because 
of  this,  users  can  click  on  different  folders  to  see  their  messages  just  as 
they  can  with  a  Windows  client.” 

Lamar  is  looking  for  an  alternative  to  Windows  desktops.  He  has  about 
2,000  workstations  connected  to  NetWare  6  servers. 

Hie  new  GroupWise  client  works  with  GroupWise  5.5  or  higher. 

Novell  is  expected  to  announce  that  NetWare  6.5  is  now  in  public 
beta  tests  and  can  be  downloaded  from  beta.novell.com. The  product 
is  expected  to  be  available  this  summer.  ■ 


products  and  a  portability  plan 
designed  to  put  its  routing  smarts 
on  the  platforms  of  some  influen¬ 
tial  and  symbiotic  partners. 

Procket’s  Pro/8800  series  of 
routers  support  a  range  of  inter¬ 
faces  from  0C-3c  (155M  bit/ 
sec)  to  Gigabit  Ethernet,  10G 
Ethernet  and  OC-192c  (10G  bit/ 
sec).  The  half-rack  Pro/8812  core 
router  is  the  showcase  of  the  line, 
featuring  960G  bit/sec  of  total 
capacity  and  a  1.2  billion  packet/ 
sec  forwarding  rate  in  a  full-rack 
configuration. 

This  compares  with  640G  bit/ 
sec  for  Juniper’s  T640  and  160G 
bit/sec  for  Cisco’s  12416  in  full- 
rack  configurations. 

Procket  says  it  can  achieve  great 
density  in  its  products  via  large 
scale  integration  chips  of  its  own 
design.  These  chips  are  program¬ 
mable,  meaning  they  can  support 
new  features  through  software 
downloads  rather  than  requiring 
the  hardware  upgrade  of  ASICs, 
Procket  says. 

A  big  part  of  Procket’s  strategy  is 
to  license  its  software  —  the 
Pro/1  Modular  Service  Environ¬ 
ment  —  to  strategic  partners  to 
enable  new  applications,  such  as 
blade  server  virtualization  and 
low-end  enterprise  routing.  The 
company  says  it  has  “significant 
engagements”  with  undisclosed 
big  server  vendors,  among  others. 

Procket  officials  say  they  hope 
the  licensing  strategy  will  attract 
buyers  who  feel  Cisco’s  software 
is  old  and  unwieldy,  and  Juniper’s 
already  has  been  surpassed  by 
the  growth  of  the  Internet. 

“Customers  are  tired  that  they 
have  to  continually  upgrade,”  says 
Procket  CEO  Randall  Kruep. 
“They’re  tired  of  all  the  software 
stability  issues  and  the  25  to  30  dif¬ 
ferent  versions”  of  the  same  code. 

Caspian  unveiled 

While  Procket  quietly  has  plot¬ 
ted  its  debut,  Caspian  has  been 
more  visible,  trotting  out  com¬ 
pany  founder  and  Internet  pio¬ 
neer  Larry  Roberts  on  numerous 
occasions,  most  often  to  empha¬ 
size  that  Internet  traffic  still  is 
growing  briskly 

Caspian,  which  raised  close  to 
$300  million  in  funding  over  four 
years,  will  attempt  to  help  carriers 
cope  with  that  traffic  via  its 
Apeiro  flow-based  router. 

The  offering  is  a  modular,  multi¬ 
shelf  system  that  scales  from 
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Heavy  hitters 

Procket  and  Caspian  founders  have  distinguished  roots. 


Procket 


Chief  Scientist  Tony  Li  was  distinguished  engineer  and  project 
lead  at  Juniper  Networks.  Li  has  been  quoted  as  saying  that,  as 
Juniper's  fifth  employee,  he  arrived  too  late  to  influence  long-term 
technology  development.  Li  was  also  a  technical  lead  at  Cisco,  where 
he  helped  initiate  development  of  the  12000  series  Internet  router. 
Li  also  helped  design  and  document  the  BGP  4  routing  protocol. 

CTO  Bill  Lynch  served  as  the  lead  architect  for  UltraSPARC-IV, 
Sun's  high-performance  microprocessor.  He  joined  Sun  in  1992, 
where  he  invented  SAM  caches,  a  key  component  of  the 
UltraSPARC-Ill  microprocessor. 


Caspian 


Vice  Chairman  and  CTO  Larry  Roberts  is  considered  one  of  the 

fathers  of  the  Internet.  He  led  the  team  that  designed  and  developed 
ARPANet,  the  world’s  first  computer  packet  network,  in  1966.  Roberts 
also  founded  the  first  packet  data  communications  carrier, Telenet, 
which  subsequently  became  the  data  division  of  Sprint 

President,  CEO  and  Chairman  Bill  Krause  may  be  best-known 
for  his  role  as  president  and  CEO  of  3Com  through  the  company's 
high-growth  years  in  the  1980s.  At  that  time,  3Com  grew  from  a 
venture  capital  funded  start-up  to  become  a  $600  million  publicly 
traded  data  networking  company  with  operations  worldwide. 

Krause  also  spent  14  years  at  HP  with  overall  responsibility  for 
the  company's  PC  business.  Before  joining  Caspian,  Krause  was 
CEO  and  president  of  Internet  outsourcing  firm  Exodus 
Communications,  which  was  purchased  by  Cable  &  Wireless. 
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120G  bit/sec  of  I/O  per  1 /3-rack 
shelf  to  360G  bit/sec  per  rack. 
Twelve  of  Apeiro’s  1 7  slots  are  for 
line  cards;  the  other  five  house 
shelf  supervisor,  switch  fabric  and 
application  —  or  route  —  proces¬ 
sor  cards.  Four  switch  fabric  cards 
per  shelf  can  be  deployed  for 
redundancy  and  load  sharing. 

The  system  supports  36  10G 
bit/sec  Ethernet  or  OC-192c  ports 
per  rack,  and  144  OC-48cs  (2.5G 
bit/sec)  and  OC-12cs  (622M  bit/ 
sec),  288  1G  bit/sec  Ethernet  and 
432  OC-3c  interfaces. 

The  router  is  designed  to  pro¬ 
vide  the  scale  and  performance 
of  IP  with  the  deterministic 
behavior  of  ATM,  Caspian  says. 
Apeiro  identifies  packet  flows 
with  identical  source/destination 
addresses, stores  flow-routing  and 
forwarding-state  information  in 
memory,  and  then  attaches  band¬ 
width,  jitter  and  delay  guarantee 
information  to  those  flows,  the 
company  says. 

Caspian  has  an  incentive  pro¬ 
gram  called  CORE  (Capex/Opex 
Reduction  Enhancement)  to 


encourage  service  providers  to 
trade  in  routers  or  ATM  switches 
from  leading  manufacturers  to 
receive  credit  toward  purchases 
of  Apeiro  boxes. 

Apeiro  is  available  now.  It  will 
enter  field  trials  in  four  to  six 
months  with  10  carriers,  Caspian 
says.B 
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■  THIS  WEEK’S  QUESTION: 


Which  technology  is 
theWiMAX  Forum 
dedicated  to? 


Answer  this  and  nine  addtional  questions 
online  and  you  codd  win  $500!  Visit 

Network  World  Fusion  and  enter  2349 
in  the  Search  ]x». 

www.nwfusion.com 


It  always  happens  with  the  last  piece... 


You  know  what  you  need,  but  you  just 
can't  find  it. 

Your  data  center  is  growing,  faster  than  your  resources. 
You  need  hands-on  control  of  your  local  server  racks  as 
well  as  the  servers  at  different  locations.  How  do  you 
complete  the  picture? 

With  one  of  Avocent's  enterprise-class  KVM  switches. 
Our  solutions  are  specifically  tailored  to  your  unique 
server  management  requirements. 


Direct  access  to  multiple  servers  from  your  data  center. 
Standard  IP  access  to  servers  in  any  location  world¬ 
wide.  Custom  configuration  for  the  level  of  access 
and  control  you  need.  Streamlined  cable  management. 
Feature-rich  software  designed  for  easy  installation 
and  system  administration. 

Now  you've  got  the  whole  picture.  Avocent's  advanced 
analog  and  digital  KVM  solutions  -  a  perfect  fit  for  your 
server  room. 


Download  our  free  whitepaper  KVM  for  the  Enterprise  at 
www.avocent.com  or  call  us  at  1-866-AVOCENT  (286-2368),  ext.  3005. 


Avocent 


Avocent.  the  Avocent  logo  and  The  Power  of  Being  There  are  trademarks  of  Avocent  Corporation.  Copyright  ft  2003  Avocent  Corporation. 
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IRS 

continued  from  page  1 

of  45  network  administrators  and  18  con¬ 
tractors  carried  out  management  tasks. 

“A  best  practices  organization  should 
only  be  spending  about  60%  [of  its  IT  bud¬ 
get]  on  operations  and  maintenance.  We 
were  spending  80%,  and  one  of  the  largest 
components  was  labor,” 
says  Jim  Kennedy,  pro¬ 
gram  manager  for  enter¬ 
prise  systems  manage¬ 
ment  at  the  Austin  center. 

“The  only  way  to  accom¬ 
modate  additional  work¬ 
load  was  to  hire  people, 
but  we  were  bumping  up 
against  salary  restrictions 
already.  We  simply  could 
not  hire  anyone  else.” 

Using  the  management 
software,  the  staff  has  con¬ 
ducted  180,000  software 
distributions  since  Jan¬ 
uary  involving  a  mix  of 
1,800  applications,  patch¬ 
es  and  upgrades,  Kennedy 
says.  Under  the  old  system 
it  took  the  IRS  20  minutes 
per  update  per  device, 
whereas  the  new  system 
lets  a  network  administra¬ 
tor  send  out  one  update  to 
400  desktops  in  just  1 
minute,  he  says. 

The  management  soft¬ 
ware  is  targeted  at  a  net¬ 
work  consisting  of  about 
125,000  mostly  Windows 
desktops  and  5,000  servers 
(including  mainframes), 
running  a  mix  of  Win¬ 
dows,  Solaris  and  other 
operating  systems. 


50%  more  public  Web  site  use  and  25% 
more  e-mail  messages. 

Kennedy  and  his  team  anticipated  the 
need  for  a  more  efficient  and  responsive 
network  when  it  began  a  phased  rollout  of 
the  Tivoli  system  that  stretched  from  late 
1998  till  the  end  of  last  year  and  took  20 
dedicated  staffers  to  pull  it  off. 

While  Kennedy  knew  his  ultimate  goal 
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Keeping  track 


The  IRS  installation  of  Tivoli’s  multilayer  management 
system  lets  network  administrators  at  the  agency’s 
Austin  support  center  keep  a  closer  eye  on  132,000 
networked  devices,  including  servers  and  desktop 

machines.  _ 

TEC  server  jj,e  master  jmr  server 

delivers  data  about  desktops 
and  servers,  such  as  the 
operating  system  version  or 
the  software  license 
agreement,  to  the  TEC.  The 
master  TMR  also  receives 
software  updates  via  the  TEC. 


A  network  manager  uses  a 
Web  interface  to  access  data, 
administer  rules,  and  perform 
inventory  and  software 
distribution  via  a  TEC  server. 
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Desktops  and  servers 


Vital  network 

Drastically  improving  the 
organization’s  management  system  was 
necessary  given  that  roughly  41  million  U.S. 
residents,  or  nearly  three-quarters  of  all  tax¬ 
payers,  now  are  using  Web-based  applica¬ 
tions  from  the  IRS  and  others  to  file  their 
returns. 

The  Austin  support  center  is  one  of  23 
such  facilities  making  sure  that  the  IRS  net¬ 
work  and  computing  systems  can  support  a 
growing  online  clientele  using  an 
increased  variety  of  tax  applications. 

And  the  IRS  is  looking  to  pump  more 
money  into  IT,  asking  for  a  5%  budget 
increase  in  fiscal  2004  that  would  allocate 
$1.7  billion  to  information  systems  and 
$429  million  to  business  services  modern- 
ization.The  IRS  says  its  information  services 
!;roup  will  have  to  upgrade  and  maintain 
capacity  increases  of  49%  for  its  mainframe 
and  150%  for  midrange  servers,  and  sup¬ 
port  nearly  double  data  network  band¬ 
width  use,  50%  more  voice  message  boxes, 


was  to  automate  the  local  and  remote  man¬ 
agement  of  desktops,  servers  and  other  net¬ 
worked  devices,  his  first  step  was  to  get  a 
handle  on  what  the  IRS  had  on  its  network. 

He  first  rolled  out  Tivoli  Inventory  soft¬ 
ware  to  scan  each  device  once  every  14 
days  and  deliver  the  hardware  information 
through  an  asset  management  product 
from  Peregrine  Systems,  which  alerts 
Kennedy’s  team  of  changes  and  stores  the 
updated  data  in  an  Oracle  database. 

The  IRS  used  the  inventory  data  to  set  up 
450  gateways  that  sit  in  front  of  desktops 
and  servers,  feeding  information  to  13  Tivoli 
Managed  Resource  (TMR)  servers  and  one 
master  managed  resource  server  that  passes 
the  data  to  Tivoli  Enterprise  Console  (TEC) 
software  on  38  Unix  servers.  TMR  servers 
also  receive  data  from  TEC  servers.  Agents 
also  were  installed  on  managed  devices  to 
help  collect  data  locally  Administrators  use 
TEC  to  access  data  and  manage  the  network 


(see  graphic). 

Installing  and  integrating  the  gateway, 
TEC,  TMR  and  agent  across  his  distributed 
network  took  more  than  three  years,  but 
Kennedy  says  once  the  Tivoli  software  infra¬ 
structure  was  in  place,  rolling  out  the  indi¬ 
vidual  management  applications  could 
take  as  little  as  four  months. While  the  tools 
to  remotely  manage  desktops  and  servers 
are  in  place,  the  IRS  is  still  in  the 
process  of  fully  deploying  IBM 
Tivoli  NetView  and  Tivoli 
Monitoring  for  applications 
such  as  MQSeries  and  Web¬ 
Sphere. 

Overall,  the  IRS  has  about  900 
workstations  and  servers  dedi¬ 
cated  to  its  management  system, 
which  also  includes  applications 
such  as  Tivoli  Software  Distribu¬ 
tion,  Remote  Control  and  Distrib¬ 
uted  Monitoring.  Kennedy  began 
rolling  out  these  separate  prod¬ 
ucts  before  last  fall,  when  Tivoli 
combined  its  software  distribu¬ 
tion  and  inventory  products  into 
one  offering  called  Tivoli  Config¬ 
uration  Manager. 

— — .rx  Kennedy  says  the 

475  software  distribu¬ 
tion  repositories  in 
his  network  for  sup¬ 
porting  end  users 
and  automating 
patches  helped  him 
shut  down  the  Nimda 
virus  before  the  soft¬ 
ware  distribution 
application  was  even  fully 
rolled  out. 

“When  Nimda  hit,  we  used 
Tivoli’s  inventory  tool  to  tell  us 
which  Web  server  was  the 
cause  for  our  infection,”  he  says. 
“After  inventory  identified  it,  we 
used  what  we  had  of  software 
distribution  to  automatically 
push  out  the  new  virus  defini¬ 
tion  to  78,000  devices.” 

Kennedy  says  he  is  enjoying  the  manage¬ 
ment  project  payoff  now,  though  acknowl¬ 
edges  frustration  with  the  project  taking 
longer  than  anticipated. 

“We  underestimated  how  long  it  takes  to 
build  an  enterprise  systems  management 
infrastructure,”  he  says.  “In  this  size  of  an 
organization,  it  isn’t  just  plug-and-play  no 
matter  what  the  software  is.” 

But  he  says  establishing  the  infrastructure 
now  will  let  the  IRS  deploy  Tivoli  and  third- 
party  applications  easily  and  quickly 
enough  to  keep  up  with  leading-edge  tech¬ 
nologies.  Kennedy  adds  that  saving  $2.6 
million  in  the  first  quarter  of  its  full  deploy¬ 
ment  leads  him  to  believe  the  IRS’  invest¬ 
ment  in  Tivoli  will  continue  to  pay  for  years 
to  come.  ■ 
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TMRs  and  gateways  at 
branch  offices  collect 
data  from  servers  and 
desktops,  passing  it  to 
the  master  TMR.  They 
also  receive  updates 
from  the  master  TMR. 
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■  TCP/IP,  LAN/WAN  SWITCHES 

■  ROUTERS  ■  HUBS 

■  ACCESS  DEVICES  ■  CLIENTS 

■  SERVERS  ■  OPERATING  SYSTEMS 

■  VPNS  ■  NETWORKED  STORAGE 


Takes 

■  IBM  last  week  added  a  entry-level 
storage  server  to  its  storage  portfo¬ 
lio.  The  IBM  TotalStorage 
FastT600  offers  three  times  the 
throughput  of  IBM's  previous  entry- 
level  offering,  the  FastT200,  accord¬ 
ing  to  IBM.  With  expansion  units,  it 
scales  up  to  6  terabytes  of  data  and 
can  support  up  to  42  hard-disk  dri¬ 
ves.  The  server  supports  Windows, 
Linux  and  Unix  operating  systems 
from  HP,  IBM  and  Sun. The  box  fea¬ 
tures  IBM's  Dynamic  Capacity 
Addition  technology,  which  lets 
unused  storage  be  activated  without 
stopping  operations.  Also  packaged 
with  the  FastT600  is  IBM's  FastT 
Storage  Manager  software  for  cen¬ 
trally  managing  FastT  subsystems 
and  its  optional  FastT  Service  Alert, 
which  notifies  IBM  technicians  if 
problems  occur.  FastT600  starts  at 
$15,000.  IBM  is  pitching  the  server  at 
the  increasingly  crowded  market  for 
storage  servers  aimed  at  midsize 
businesses,  emphasizing  price  and 
features  for  easing  management 
burdens. 

■  Gateway  is  determined  to  improve 
its  standing  among  corporate  cus¬ 
tomers  by  improving  its  server  lines. 
The  company  announced  that  it 
launched  two  new  rack  servers  with 
Intel’s  Xeon  processors. The  launch 
of  the  1U  Gateway  955  series  and 
2U  Gateway  975  series  rack 
mounted  servers  are  the  company’s 
seventh  and  eighth  server  lines.  Both 
servers  are  dual-processor  capable, 
but  ship  with  only  one  processor. 
They  come  with  dual  Gigabit 
Ethernet  ports  and  two  PCI-X  slots 
for  additional  I/O  capacity.  A  base 
configuration  of  the  955  series  with  a 
single  1.8-GHz  Xeon  processor,  an 
18G-byte  Ultra160  SCSI  hot-swap¬ 
pable  hard  drive  and  Gateway’s 
Server  Manager  software  for  $1,700. 
The  975  series  starts  at  $2,200  with  a 
single  2.4-GHz  Xeon  processor,  512M 
bytes  of  error  checking  and  correct¬ 
ing  double  data  rate  memory,  a  36G- 
byte  Ultra320  SCSI  hot-swappable 
hard  drive  and  the  Server  Manager 
software. 


Extreme  adds  switch  oomph 

Streaming  media,  autonegotiation  modules  make  their  debuts. 


Streaming  without  multicast 

New  ASICs  on  Extreme’s  BlackDiamond  switch  modules  let  the  box  perform 
hardware-based  multimedia  streaming  without  IP  multicast  complexity. 


BlackDiamond  switch 


O  A  single  media  server  ©  Port  modules  based  on  the  Triumpth  ASCI  architecture  0  One  media  server  can 
sends  streamed  include  buffers,  which  identify  subscribers  to  a  serve  thousands  of 

content  to  a  Black-  multimedia  stream  attached  to  the  switch  and  send  subscriber  PCs. 

Diamond  switch.  streamed  content  to  the  end  user. 


Sun  fills  server,  storage 
families  at  product  blowout 


■  BY  PHIL  HOCHMUTH 

SANTA  CLARA  —  Extreme  Networks  last 
week  introduced  Gigabit  Ethernet  chassis 
modules  powered  by  new  feature-rich  sil¬ 
icon  that  could  serve  to  remind  cus¬ 
tomers  that  the  company  with  the  purple 
boxes  is  still  after  their  high-end  switch 
business. 

A  new  module  introduced  for  Extreme’s 
BlackDiamond  switch  could  help  compa¬ 
nies  deploy  more  efficient  multimedia 
streaming  for  applications  such  as  corpo¬ 
rate  content  distribution  or  online  hosting 
services.  Other  new  modules  could  help 
companies  deploy  high-density  10/100/ 
1000M  bit/sec  Ethernet  LANs,  and  they  in¬ 
clude  tools  to  manage  and  troubleshoot 
physical  layer  connections  and  cables. 

At  the  heart  of  these  offerings  is  Ex¬ 
treme’s  new  ASIC  design,  which  it  calls 
Triumph  —  the  third  generation  of  silicon 
for  the  BlackDiamond. 

Extreme’s  Streaming  Media  Accelerator 
(SMA)  module  is  a  new  product  based  on 
Triumph. With  the  hardware-based  stream¬ 
ing  technology  the  company  says  SMA- 
based  streaming  is  easier  to  manage  and 
less  expensive  to  deploy  than  a  network 
full  of  IP  multicast-enabled  routers. 

SMA  lets  up  to  80,000  subscribers  attach 
to  media  streams  replicated  from  one  ser¬ 
ver  and  a  BlackDiamond  switch. The  SMA 
module  acts  as  a  proxy  between  a  stream¬ 
ing  media  server  and  subscriber  PCs,  and 
recognizes  clients  that  are  subscribers  to  a 
certain  media  stream.  Streamed  content 
from  the  server  is  buffered  in  the  SMA 
module  and  sent  to  subscribers  over  the 
network.  No  other  network  gear  needs  to 
be  configured  for  supporting  multicast 
protocols,  the  company  says,  and  fewer 
servers  are  required  to  serve  up  the 
content. 

A  BlackDiamond  with  the  SMA  module 
was  deployed  at  AOL  Time  Warner  last 
month  for  streaming  audio  content  to 
subscribers.  While  IP  Multicast  has  been 
the  industry  standard  for  streaming 
media, says  Scott  Brown, senior  technical 
manager  of  vertical  applications  for  AOL, 
“it  unfortunately  has  significant  configu¬ 
ration  requirements  on  the  routing  de¬ 
vices  between  the  media  consumer  and 
the  media  distribution  point.”  He  adds 
that  the  ability  of  SMA  to  propagate  uni¬ 
cast  traffic  to  multiple  recipients  avoids 
See  Extreme,  page  18 


■  BY  DENI  CONNOR  AND  JENNIFER  MEARS 

SAN  FRANCISCO  —  In  a  wide-ranging 
announcement  Sun  last  week  bolstered 
its  low-end  servers  for  customers  serving 
up  Web  pages,  running  firewalls  or  filling 
out  server  farms  and  reinforced  its  system 
for  managing  storage  resources. 

The  introduction  of  Sun’s  SunFire  V210 
and  the  rack-optimized  V240  servers  came 
out  last  week  as  part  of  the  company’s 
quarterly  rollout.  The  servers,  which  are 
the  first  to  use  Sun’s  UltraSparc  llli  proces¬ 
sor,  are  an  effort  to  compete  more  effec¬ 
tively  with  low-end  Intel  boxes  from  Dell, 
HP  and  IBM. 

“What  Sun’s  really  doing  here  is  they’re 
doing  the  best  they  can  to  remain  price 
competitive,”  says  Gordon  Haff,  a  senior 
analyst  at  Illuminata.Sun  is  rolling  out  the 
V210  and  V240  as  it  strives  to  keep  its  cus¬ 
tomer  base  and  reduce  “the  impetus  to 
switch  from  Sun,”  he  says. 

“It’s  important  for  Sun  to  protect  itself  by 
producing  entry-level  systems.  New  appli¬ 
cations  begin  on  these  V2 10  and  V240  sys¬ 
tems  and  migrate  up  as  they  become  suc¬ 
cessful,”  says  John  Groenveld,  associate 


research  engineer  at  Penn  State  Uni¬ 
versity’s  Applied  Research  Laboratory,  in 
State  College.  “As  a  customer,  if  I  suspect 
my  application  is  going  to  grow  rapidly  in 
the  medium  term,  then  it  makes  sense  for 
me  to  start  off  with  SPARC  systems.  I  don’t 
believe  x86  and  SPARC  are  mutually  ex¬ 
clusive  on  the  low-end.” 

The  two-processor  servers  come  with 
Solaris  8  and  the  Sun  One  software  stack, 
including  the  Sun  One  Web  server  and 
Sun  One  application  server;  Solaris  9  is 
available  as  an  option. 

To  differentiate  its  low-end  boxes,  Sun 
has  added  integrated  Gigabit  Ethernet 
ports,  remote  management  capabilities 
and  mobile  server  identity,  meaning  server 
configurations  can  be  migrated  among 
servers  automatically  as  standard  fea¬ 
tures, says  Souheil  Saliba.vice  president  of 
marketing  for  volume  server  products  at 
Sun.  In  addition,  an  integrated  Secure 
Sockets  Layer  daughtercard  that  does  not 
take  up  an  expansion  slot  is  available  as  a 
security  option,  he  says. 

Sun  says  the  1U  V210  and  the  2U  V240 
will  be  available  May  20  with  prices 

See  Sun,  page  18 
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Aggregating  air:  Toward  optimizing  wireless 


While  we  are  barely  into  the  second 
quarter  of  the  year,  it  is  already  rea¬ 
sonable  to  label  2003  the  year  of 
enterprise  wireless.  Aruba,  Trapeze  —  and 
now  Engim  —  are  taking  a  distinctly  enter¬ 
prise  look  at  harnessing  wildly  popular 
wireless.  For  its  part,  Engim  is  focusing  on 
the  most  constrained  resource:  the  thin 
air  itself. 

A  chipmaker  coming  out  of  stealth  mode, 
the  company  says  it  has  solved  a  lot  of  prob¬ 
lems  associated  with  delivering  enterprise- 
class  performance  —  or“wired  experience” 
for  corporate  wireless  LAN  (WLAN)  users. 
Ironically,  the  company  has  solved  prob¬ 
lems  that,  I’d  bet,  most  enterprise  network 
managers  aren’t  aware  they  even  have.  Of 
course,  that  is  part  of  the  problem  too. 


The  technical  part  of  the  problem  is 
that,  in  a  world  where  vendors  are  push¬ 
ing  dedicated,  billion-bit-per-second 
desktop  connections,  the  ubiquitous 
wireless  standard,  IEEE  802.11b,  func¬ 
tions  more  like  a  10M  bit/sec  Ethernet 
hub.  It  provides  shared  rather  than  dedi¬ 
cated  bandwidth,  and  like  the  bad  old 
days,  high  use  by  one  user  can  translate 
into  poor  response  time  for  other  users. 
And  that  is  with  ideal  conditions. 

Interference  from  building  materials,  sig¬ 
nal  degradation  caused  by  distance  from 
the  access  point  —  even  your  colleague 
using  the  microwave  —  could  cause  users 
to  drop  to  about  1M  bit/sec  communica¬ 
tion  with  the  access  point.  (See  a  review  of 
WLAN  analyzers,  page  39.) 

So  why  no  howls  from  users?  Well, in  many 
places,  deployment  is  in  the  early  stages,  so 
performance  problems  have  not  yet  mani¬ 
fested.  As  with  cell  phones,  the  benefits  of 
mobility  far  outweigh  problems  with  speed 
or  quality  And  if  you  complain,  your  IT  guy 
might  grab  your  wireless  network  interface 
card  and  shove  a  cable  in  your  face. 


There  is  a  human  aspect  to  the  problem 
as  well.  Precious  few  of  us  old-line  data  net- 
workers  are  radio  frequency  experts.  As  fast 
as  you  can  say  “Orthogonal  Frequency  Di¬ 
vision  Multiplexing”  (OFDM),  we’re  head¬ 
ing  for  the  hills. 

Today’s  plug-and-play  wireless  is  about 
as  complicated  and  fast-moving  a  tech¬ 
nology  as  we’ve  seen  in  a  while.  I  always 
judge  complexity  relative  to  ATM  —  the 
gold  standard  of  complexity.  802.1 1  wire¬ 
less  seems  to  have  it  beat  —  simultane¬ 
ously  shipping  three  “standard”  flavors  of 
the  technology  with  more  dot-eleven  sub¬ 
committees  seeming  to  spawn  daily  And 
because  our  users  are  not  complaining, 
why  dig  deeper  when  there  are  so  many 
other  things  to  do? 

Current  generation  chipsets  simply  aren’t 
designed  to  optimize  the  wireless  environ¬ 
ment.  In  the  most  basic  sense,  available 
bandwidth  is  not  harnessed  effectively  An 
802.1  lb  single-radio  access  point  has  three 
channels,  but  will  use  just  one.  This  access 
point  might  be  communicating  with  nearby 
users  at  multiple  megabits  per  second  while 


communicating  with  more  distant  users  at 
less  than  1M  bit/sec.  Given  the  round-robin 
approach  used  by  access  points  when  ser¬ 
vicing  clients,  “fast”  clients  could  end  up 
waiting  for  slow  clients  to  finish  communi¬ 
cation.  Thus  the  presence  of  “slow"  clients 
could  degrade  performance  for  all  users  of 
the  access  point. 

The  Engim  approach  is  to  “aggregate  air” 
(my  term,  not  theirs)  by  utilizing  multiple 
channels  simultaneously  and  optimizing 
other  aspects  of  the  radio  frequency  envi¬ 
ronment.  When  you  apply  these  principals, 
say  to  802.11a,  which  offers  eight  54M 
bit/sec  channels,  you  get  some  impressive 
possibilities. 

(By  the  way  if  you  feel  compelled  to  learn 
about  OFDM,  you’ll  be  happy  to  know  that 
PaloWireless  has  an  OFDM  Resource 
Center  at  www.palowireless.com/ofdm/ 
tutorials.asp.) 

Tolly  is  president  of  The  Tolly  Group,  a 
strategic  consulting  and  independent  testing 
company  in  Manasquan,  NJ.  He  can  be 
reached  at  ktolly@tolly.com. 
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starting  at  $3,000  for  the  V210 
and  $3,500  for  the  V240. 

In  addition,  Sun  has  stepped  up 
the  performance  of  other  entry- 
level  products,  including  the 
Solaris-based  Sun  Fire  280R  ser¬ 
ver,  the  Netra  20  server  and  the 
Sun  Blade  2000  workstation,  by 
adding  the  new  UltraSparc  Ilii  1.2- 
GHz  processor. 

Stepping  up  storage 

On  the  storage  side,  Sun  an¬ 
nounced  two  midrange  storage 
arrays  —  the  StorEdge  6120  and 
6320  —  for  customers  interested 
in  consolidating  storage  re¬ 
sources.  The  6120  is  a  3U-high 
enclosure  with  as  many  as  14 
Fibre  Channel  drives  for  an  upper 
raw  capacity  of  12  terabytes.  The 
6320  is  available  in  a  single-  or 
dual-rack  enclosure  and  has  a 
capacity  of  45  terabytes. 

Included  at  no  charge  with  the 
6120  and  6320  is  Sun’s  storage- 
area  network  management  soft¬ 
ware,  called  StorEdge  Enterprise 
SAN  Manager;  Storage  Policies 
software,  which  provides  precon¬ 
figured  rules  for  managing  appli¬ 
cations  such  as  online  transaction 
processing, e-mail, data  warehous¬ 
ing  and  Oracle  databases.  The 
6120  starts  at  $74,600  for  a  2-ter¬ 
abyte  configuration;  the  6320 
starts  at  $60,800.  Both  are  sched¬ 
uled  to  be  available  this  month. 

“Sun  is  positioning  its  midrange 
storage  as  the  innovation  plat¬ 
form  lor  the  rest  of  their  products. 
That's  a  wise  move  since  the  high- 


end  market  isn’t  growing  as  fast  as 
the  midrange,  and  it  says  a  lot 
about  how  users  are  looking  for 
broader  management  features  in 
the  midrange, ’’says  Jamie  Gruener, 
senior  analyst  for  The  Yankee 
Group. 

Sun  also  introduced  its  N1  Data 
Platform,  which  consolidates  a 
variety  of  Sun  storage  arrays  into 
a  single  pool  of  data. 

The  N1  Data  Platform  aims  to  let 
customers  manage  multiple  stor¬ 
age  arrays  as  if  they  were  one 
large  system,  allocating  disk 
space  to  applications  and  data¬ 
bases  as  needed.  The  system  is 
still  in  the  pilot  stage  and  includes 
only  some  of  the  capabilities  pro¬ 


Extreme 
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complexity  and  requires  less 
gear. 

“Using  the  Extreme  SMA  [mod¬ 
ule],  we  are  able  to  deploy  far 
fewer  devices,  which  translates  to 
less  overhead  all  around  in  terms 
of  human  resource,  floor  space, 
power  and  ancillary  network 
equipment,”  Brown  adds. 

The  Triumph  ASICs  are  the 
brains  behind  a  new  24-port 
blade,  dubbed  the  G25T,  that 
autonegotiates  among  10M,  100M 
and  1G  bit/sec  connections. 
Extreme  also  offers  the  G16X,  a  16- 
port  line  card  based  on  Triumph 
that  can  use  Gigabit  Interface 
Converter  modules  with  either 
copper-  or  fiber-based  Gigabit 
Ethernet  connections. 

For  cable  and  physical  link 


The  Sun  Fire  V210  and  Sun  Fire 
V240  (above)  are  the  first  to  use 
Sun’s  UltraSparc  llli  processor. 


mised.  It  sits  between  a  compa¬ 
ny’s  servers  and  storage  equip¬ 
ment  and  includes  software  for 
grouping  disks  into  logical  units, 
dividing  them  into  secure  zones 
and  taking  snapshots  for  data  pro¬ 
tection.  The  N1  Data  Platform  is  a 
result  of  Sun’s  acquisition  of  Pirus 
Networks,  a  start-up  that  manufac¬ 


management,  Extreme  says  its 
Triumph  ASICs  on  the  G24T  and 
G16X  cards  can  sense  bad  port 
connections.  Each  port  can 
detect  how  long  a  network  cable 
is  (in  meters),  and  the  modules 
can  sense  faults,  such  as  improp¬ 
erly  terminated  cables  or  mis- 
configured  connections,  be¬ 
tween  the  port  and  attached 
devices. 

Another  feature  supported  in 
the  Triumph-based  modules  is 
what  Extreme  calls  T-Control  Rate 


tured  a  multiprotocol  storage 
switch,  which  performs  virtualiza¬ 
tion  functions  such  as  point-in¬ 
time  copy 

The  N1  Data  Platform  costs 
$112,600  and  will  be  available 
this  month. 

“The  N1  Data  Services  Platform 
is  interesting  because  Sun  has 
identified  other  vendors  where 
virtualization  fits  in  the  network. 
Longer  term,  the  N1  Data  Ser¬ 
vices  Platform  is  going  to  be  a 
management  tool  Sun  can  use  as 
a  gateway  to  its  storage  arrays,” 
Gruener  says. 

Sun  also  announced: 

•  An  upgrade  to  its  Trusted  So¬ 
laris  operating  environment  that 


Shaping,  in  which  the  bandwidth 
on  individual  ports  can  be  limited 
from  1M  to  1G  bit/sec,  based  on 
network  rules  and  management 
criteria.  For  instance,  networks 
that  are  disrupted  by  the  use  of 
point-to-point  file  sharing  or 
Internet  radio  could  limit  speeds 
on  those  connections,  while  let¬ 
ting  more  important  network  traf¬ 
fic  run  at  full  throttle,  the  com¬ 
pany  says. 

One  of  Extreme’s  challenges 
will  be  to  convince  companies 


will  ship  in  the  second  quarter 
and  support  x86-based  systems 
and  Sun’s  own  Sparc  platform. 
Pricing  is  $1,000  for  a  standard 
edition  and  $2,500  for  a  certified 
edition. 

•  Secure  Trading  Agent,  a  Java 
client  product  that  extends  the 
Sun  One  integration  Server  B2B 
Edition  and  aims  to  secure  the  ex¬ 
change  of  XML,  electronic  data  in¬ 
terchange  and  other  documents 
between  trading  partners.  It  costs 
$2,000  per  host,  per  connection. 

•  Sun  One  Collaborative  Busi¬ 
ness  Platform  integrates  e-mail, 
instant  messaging,  calendar, 
search  and  content  manage¬ 
ment  capabilities.  ■ 


that  Triumph  is  more  than  just  a 
package  of  bells  and  whistles, 
one  industry  observer  says. 

“Extreme  has  been  known  as 
the  vendor  with  all  those  features 
that  no  one  uses,”  says  Zeus  Ker- 
ravala,  a  senior  analyst  with  The 
Yankee  Group. “They’ve  definitely 
built  a  lot  of  extra  capabilities 
into  their  box  again;  we’ll  see  if 
they  can  articulate  those  features 
into  a  business  value.” 

Kerravala  says  Extreme  will 
have  to  be  convincing  when 
making  the  business  case  for  its 
gear,  as  its  high-end  switching 
competition  continues  to  ramp 
up.  He  says  recent  price  reduc¬ 
tions  from  Force  10  Networks,  a 
10G  and  Gigabit  product  splash 
from  Cisco  last  month,  and  a 
next-generation  platform  coming 
up  from  Foundry  Networks  are 
threats  to  Extreme.  ■ 


li  Using  the  Extreme  SMA  [module],  we  are 
able  to  deploy  far  fewer  devices,  which 
translates  to  less  overhead  all  around.  99 

Scott  Brown 

Senior  technical  manager  of  vertical  applications,  AOLTime  Warner 
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Battery  Life: 
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battery  life. 
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most  demanding 
business 
applications 
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intel.com 


Introducing  Inter  Centrino™  mobile  technology. 
The  new  generation  of  laptop  technology 
engineered  to  unwire  your  business. 


Until  now,  the  promise  of 
a  truly  wireless  workforce 

/JJlIJJiD.U  has  been  iust  that:  a 

BpIK^  promise.  Inter  Centrino™ 
techno?ogv  mobile  technology  delivers 

on  that  promise  with  unprecedented 
levels  of  mobility  for  your  users 
and  an  easier  deployment  for  you. 
Intel  is  working  with  other 
industry  leaders  to  make 
wireless  networking  not  only 
reliable,  but  secure.  Intel  Centrino 
mobile  technology  is  compatible 
and  validated  with  Cisco  enterprise 
access  points.  And  Intel  continues 
to  work  closely  with  VeriSign, 
Check  Point  Software  and 
other  leading  technology  companies 
to  optimize  security  solutions. 
The  unwired  office  starts  inside. 
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Think  of  it  as 

COMDEX  To  Go 


V  COMDEX  did  not  become  the  country’s  leading  IT  event  by  following. 
Once  again,  we  lead  the  way  by  launching  COMDEX  Innovation  Forums. 


June  12,  2003 
Autonomic  Computing 


June  24,  2003 
Wireless  and  IM 


May  21,  2003 
Technology  Transfer 


Visit  our  Web  site  for 
city-specific  details. 
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|  A  Key3Media 
Group  Event 


June  2003 
Digital  Convergence 


Bringing  the  latest  technology  closer  to  home: 
COMDEX  Innovation  Forums. 

Future  technologies.  Industry  leaders.  Hot  trends.  The  Forums  bring 
what  you  love  to  where  you  live. 

Led  by  industry  experts,  these  free  half-day  workshops  dive  into  the 
latest  in  information  technology  and  communications. 


Spend  some  time  at  the  Forum, 
save  some  money  on  COMDEX. 

Everyone  who  attends  an  Innovation  Forum  receives  15%  off  their 
COMDEX  Fall  2003  Flex  Pass. 

Another  great  reason  to  join  us. 

The  first  25  people  who  register*  for  each  event  receive  a 
free  copy  of  David  Moschella’s  new  book,  Customer-Driven  IT: 
How  Users  Are  Shaping  Technology  Industry  Growth. 


You  go  to  COMDEX  to  find  out  what’s  new. 

Get  to  COMDEX  Innovation  Forums  to  find  out  first. 

Free  to  attend. 

Register  today  at  www.comdex.com/forums 


COMDEX 


INNOVATION  FORUMS 


•Must  be  present  to  receive  book.  BRINGING  TECHNOLOGY  TO  YOU 
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Citadel  adds 
power  to  its 
scan-patch  tool 

■  BY  ELLEN  MESSMER 

DALLAS  —  Citadel  next  month  plans  to 
ship  an  updated  version  of  its  software 
scan-and-patch  tool  that  promises  to  let 
users  quickly  install  software  patches  or 
strip  out  a  troublesome  patch  and  apply 
the  old  code  back  into  the  application. 

In  addition  to  this  patch  “roll-back”  fea¬ 
ture  in  Hercules  2.0, Citadel  will  have  a  way 
to  schedule  patch  updates  for  the  operat¬ 
ing  systems  it  supports,  including  Microsoft 
Windows,  Unix  and  Linux  as  well  as  appli¬ 
cations  such  as  Internet  Explorer,  SQL 
Server,  Apache  and  Office.  Hercules  is  a 
security  tool  that  imports  and  aggregates 
data  from  several  vulnerability  scanners  — 
including  Microsoft’s  HFNetCk  and  eEye 
Digital  Security’s  Retina  Digital  Security 
Scanner  —  and  provides  for  an  automated 
or  manual  patch-remediation  process  via 
the  Hercules  management  console. 

Hercules  consists  of  agent  software  that 
must  be  loaded  onto  the  servers  and  work¬ 
stations,  and  the  Hercules  management 
console,  which  keeps  track  of  any  vulnera¬ 
bilities  and  patch  recommendations  scan¬ 
ner  vendors  announce. 

The  idea  behind  Hercules  and  products 
from  similar  vendors,  including  Big  Fix, 
ConfigureSoft,  Harris,  PatchLink,St.  Bernard 
See  Citadel,  page  24 


Siebel  guards  its  CRM  domain 


Takes 


■  IntelliReach  last  week  announced 
e-mail  archiving  software  de 

signed  for  long-term  storage  of  mes¬ 
sages  and  for  companies  facing  com¬ 
pliance  with  legislation  such  as  the 
Health  Insurance  Portability  and 
Accountability  Act  or  the  Security 
Exchange  Act.  MessageArchive  2.0, 
which  is  an  IntelliReach  branded  ver¬ 
sion  of  British  vendor  BridgeHead 
Software's  MailStore,  will  fill  out 
IntelliReach's  product  line,  which 
includes  content  filtering,  spam  con¬ 
trol,  secure  messaging  and  message 
analysis.  MessageArchive  stores  and 
indexes  all  e-mail  and  creates  an  audit 


■  BY  ANN  BEDNARZ 

SAN  MATEO,  CALIF  —  Wall  Street  went 
easy  on  Siebel  Systems  last  week  after  the 
vendor  warned  it  would  miss  its  first-quar¬ 
ter  earnings  estimates.  But  if  the  CRM  mar¬ 
ket  leader  is  to  retain  its  title, sim¬ 
pler  products  and  easier  up-  i 
grades  are  in  order,  experts  say  I 

Blaming  a  weak  economy  and 
a  handful  of  postponed  sales,  Siebel  says 
it  will  post  lower-than-expected  total  rev¬ 
enue  of  $330  million  to  $335  million  and 
software  license  revenue  of  about  $112 
million  when  it  officially  announces  quar¬ 
terly  results  later  this  month.  Nonetheless, 
Siebel’s  stock  rose  24  cents  to  close  at 
$7.99  on  the  first  business  day  after  the 
negative  news. 

One  reason  for  Wall  Street’s  light-handed 
treatment  of  Siebel  is  that  analysts  were 
expecting  the  miss.  Investment  research 
firm  Goldman  Sachs  called  Siebel’s  license 
revenue  shortfall  “pretty  significant”  — 
Siebel  in  January  provided  license  revenue 
guidance  of  $130  million  to  $150  million. 
But  there  was  broad  anticipation  that 
Siebel,  like  many  other  software  compa¬ 
nies,  would  pre-announce  missed  earn¬ 
ings,  according  to  the  research. 

That’s  not  to  say  Siebel  can  breathe  easy 
To  stay  in  the  good  graces  of  Wall  Street 
and  customers,  the  vendor  needs  to  adjust 
its  product  development  and  sales  strate¬ 
gies  to  address  current  buying  trends, 


trail.  The  software  encrypts  and  vali¬ 
dates  each  message  with  a  digital  sig¬ 
nature.  MessageArchive  supports  Lotus 
Notes  R6,  Microsoft  Exchange  and  any 
Internet  Message  Access  Protocol- 
based  messaging  system.  Support  for 
Novell's  GroupWise  will  be  added  this 
summer.  MessageArchive  is  priced 
starting  at  $7,500  for  100  users. 

■  Adobe  Systems  IS  integrating  its 
Internet  form  creation  software  with 
IBM’s  DB2  Content  Manager.  The 

integration  of  IBM's  DB2  manager  and 
Adobe’s  Form  Solutions  software  will 
make  it  easier  for  users  to  automate 
paper-based  processes,  Adobe  says.  The 
integration  makes  use  of  XML  for  data 
transfer,  which  makes  data  routing  easy 
and  fast.  Adobe  also  has  developed  an 
XML  architecture  for  all  of  its  products. 


ANALYSIS 


experts  say.  Smaller,  slower-to-close  deals, 
mounting  competition  and  executive 
turnover  are  threatening  the  CRM  market 
dominance  that  Siebel  has  enjoyed  over 
the  last  few  years. 

While  it’s  still  the  clear  leader  among 
CRM  suite  vendors,  Siebel  defi¬ 
nitely  has  challenges  ahead  of 
it,  says  Michael  Maoz,vice  pres¬ 
ident  at  Gartner.  One  challenge 
is  aligning  its  product  strategies  with 
today’s  buyers. 

The  software  maker  needs  to  target  tacti¬ 
cal  department-  and  division-level  buyers, 
Maoz  says.Siebel’s  sales  team  has  been  too 
slow  to  grasp  the  notion  that  the  days  of  big 
game  hunting  —  closing  $50  million  enter¬ 
prise  deals  made  with  the  help  of  partners 
such  as  IBM  and  Accenture  —  are  not  sus¬ 
tainable,  Maoz  says.  “From  a  sales  perspec¬ 
tive  for  Siebel,  that  elephant  hunt  on  the 
Serengeti  is  over’’  Maoz  says. 

Winning  smaller  deals  requires  more 
attractive  product  packaging  and  pricing. 
Detractors  often  point  to  Siebel’s  400-plus 
sales,  marketing  and  customer  service 
modules  as  an  indication  of  complexity. 

Reducing  complexity  is  an  ongoing 
effort, says  Kevin  Nix,  group  vice  president 
of  product  marketing  at  Siebel.  The  ven¬ 
dor  has  worked  to  provide  bundles  of  soft¬ 
ware  that  are  process-focused,  he  says. 
Rather  than  requiring  a  company  to  buy 
multiple  sales  modules  just  to  enable  lead 
management,  a  company  could  purchase 
a  bundle  focused  on  automating  lead 
management.  Siebel’s  Version  7.5  suite 
also  includes  fixed-price  rapid-deploy¬ 
ment  packages  that  are  intended  to  speed 
installation  times.  Additional  simplified 
CRM  packages  —  with  fewer  options  to 
enable  faster  implementations  —  are  due 
out  later  this  year. 

Easing  customers’  software  upgrade 
woes  also  should  be  a  top  priority  for 
Siebel,  Maoz  says.  As  many  as  85%  of  exist¬ 
ing  Siebel  customers  are  running  Version 
6.x  of  the  vendor’s  suite,  and  most  have 
done  a  lot  of  customization,  he  says. 
Upgrading  to  the  more  Java-compliant 
and  thin-client-based  Siebel  7.x  platform 
has  proven  to  be  a  difficult  task,  Maoz 
says.  Siebel  needs  to  iron  out  the  migra¬ 
tion  process  to  entice  more  customers  to 
make  the  upgrade,  he  says. 

Internally,  Siebel  needs  to  focus  on  stem¬ 
ming  executive  turnover.  During  the  last 
couple  years,  the  company  has  churned 
through  a  number  of  worldwide  and 
regional  sales  managers,  as  well  as  techni- 


Healthy  but  not  unscarred 

Like  many  software  vendors,  Siebel  Systems  is 
struggling  with  declining  revenue.  Restructuring 
charges  led  to  net  losses  in  the  second  half  of 
2002;  the  company  indicates  a  return  to  profit¬ 
ability  in  the  first  quarter  of  this  year. 


-$100 

Q1  Q2  Q3  Q4  Q1  Q2  Q3  Q4  Q1 

’01  ’02  ’03 

cal  account  managers  assigned  to  advise 
key  clients  on  upgrades  and  migrations, 
Maoz  says.  Paul  Wahl,  Siebel’s  president 
and  COO,  retired  in  March.  And  last 
November,  Bill  McDermott,  former  execu¬ 
tive  vice  president  of  worldwide  sales 
operations  at  Siebel, moved  to  SAPThere’s 
been  so  much  turnover  that  it’s  hurt  their 
credibility  Maoz  says. 

Mounting  competition 

While  the  field  of  CRM  vendors  contin¬ 
ues  to  shrink  —  85%  of  the  vendors  that 
were  around  four  years  ago  no  longer  in 
exist,  Maoz  says  —  Siebel’s  competitive 
pressures  are  growing.  In  particular,  rivals 
from  the  ERP  market  such  as  Oracle, 
PeopleSoft  and  SAP  have  bolstered  their 
CRM  suites  and  begun  to  advance  further 
into  Siebel’s  territory 
“There’s  no  question  that  the  competi¬ 
tive  landscape  has  changed  for  Siebel  in 
the  last  two  years,”  says  Joanie  Rufo, 
research  director  at  AMR  Research.  For  a 
See  Siebel,  page  24 


If  the  Alliance  for  Downtown  New  York 
is  able  to  realize  its  plans,  free  Internet 
access  soon  will  be  much  easier  to 
come  by  for  anyone  in  lower  Manhattan. 
The  experience  in  the  rest  of  Manhattan 
bodes  well  for  easy-to-find  Internet  access 
and  hints  that  the  alliance  is  just  hasten¬ 
ing  the  inevitable,  but  does  not  bode  well 
for  wireless  hot-spot  service  providers. 

According  to  its  Web  page  (www.down 
townnycom),“the  Alliance  for  Downtown 
New  York  is  the  Business  Improvement 
District  (BID)  serving  the  area  south  of 
Chambers  Street.”  The  group  wants  to 


Siebel 

continued  from  page  23 

long  time,  Siebel  had  a  clear  advantage 
over  the  ERP  companies  in  terms  of  its 
product  features,  she  says.  Siebel’s  advan¬ 
tage  still  exists,  but  the  gap  is  narrowing  as 
the  ERP  vendors  develop  more  legitimate 
CRM  functionality,  she  says. 

The  ERP  companies  also  have  pools  of 
customers  they  can  try  to  win  over  with 
promises  of  integrated  ERP-plus-CRM 
offerings.  The  integrated-suites  story  is  “a 
very  compelling  argument  if  you  are  an 
existing  PeopleSoft  customer  or  an  exist¬ 
ing  SAP  customer^’  Rufo  says. 

In  Siebel’s  favor,  however,  is  its  ability  to 
back  up  its  technology  with  customers. 
“Proving  their  capability  is  still  an  issue  for 
some  of  the  ERP  players, ’’which  don’t  have 
as  many  up-and-running  CRM  customers 
to  reference  as  Siebel  does,  Rufo  says. 

Also  combining  to  put  pressure  on  Sie¬ 
bel  are  a  slew  of  smaller  CRM  vendors, 
such  as  E.piphany  and  Onyx  Software;  ser¬ 
vice  provider  vendors  with  hosted  CRM 
offerings,  such  as  Salesforce.com  and 
Salesnet;  and  Microsoft,  which  bought  its 
way  into  the  ERP  and  CRM  markets 
through  its  acquisition  of  one-time  Siebel 
partner  Great  Plains. 

Microsoft  professes  to  target  small  com¬ 
panies  with  its  new  CRM  suite,  which  start¬ 
ed  shipping  in  January.  Analysts  expect  the 
Redmond  giant  to  eventually  target  mid¬ 
size  companies  as  well.  Midsize  companies 

—  loosely  defined  as  those  with  between 
$100  million  and  $S00  million  in  revenue 

—  present  a  relatively  untapped  CRM  mar¬ 
ket,  and  nearly  all  the  CRM  vendors  are 
going  full  bore  after  these  prospects. 

Nix  dismisses  Microsoft’s  effect  on  the 
CRM  arena,  at  least  for  now.  Companies 
with  simple  CRM  needs  that  want  better 
contact  management  than  Microsoft 
Outlook  can  provide,  along  with  light¬ 
weight  sales-lead  management  and  ser¬ 
vice  management  tools,  are  candidates  for 
Microsoft  CRM  —  not  midsize  or  large  cor¬ 


Enterprise  Applications _ _ 

Free  Internet:  A  5-minute  walk? 


“enhance  the  quality  of  life  in  lower  Man¬ 
hattan  by  creating  a  community  for  peo¬ 
ple  to  live,  work  and  play’ 

According  to  an  article  in  the  April  4 
New  York  Times,  the  alliance’s  latest  way  to 
enhance  the  quality  of  life  is  to  install  Wi¬ 
Fi  access  points  in  a  number  of  public 
parks  in  lower  Manhattan  and  to  open 
them  up  for  free  to  anyone  who  wants  to 
use  them.  The  Times  quotes  an  alliance 
vice  president  as  saying  that  the  group’s 
aim  is  to  make  free  Internet  access  avail¬ 
able  within  a  5-minute  walk  anywhere  in 
lower  Manhattan. 

Admirable  as  the  alliance’s  work  is,  it 
seems  to  be  just  continuing  a  well-estab¬ 
lished  trend  of  making  free  Wi-Fi  Internet 
connections  available  in  Manhattan.  By 
last  fall,  the  Public  Internet  Project  had 
found  almost  10,000  open  Wi-Fi  access 
points  in  Manhattan  and  the  Times  reports 
that  this  number  is  now  up  to  13,000. The 


density  of  these  access  points  matches 
the  demographics  of  the  population  of 
Manhattan  —  so  it  can  be  a  lot  longer 
walk  than  5  minutes  in  some  parts  of  the 
city,  but  all  you  have  to  do  is  turn  on  your 
computer  in  other  parts. 

This  trend  is  quite  good  news  for  people 
like  me  who  travel  a  lot  and  like  to  check 
their  mail  (too)  frequently.  But  it’s  real  bad 
news  for  companies  trying  to  make 
money  by  selling  Wi-Fi  Internet  access. 
Companies  such  as  T-Mobile  (which  pro¬ 
vides  fee-based  ’Net  access  in  more  than 
2,000  locations  around  the  country, 
including  Starbucks,  Borders  bookstores 
and  airports),  and  Cometa  Networks  (see 
www.nwfusion.com,  DocFinder:  5125), 
which  has  a  5-minute  walk  in  the  city  or 
drive  in  the  country  plan. 

T-Mobile  just  reduced  its  access  fees  by 
quite  a  bit,  but  I  do  not  know  if  that  was 
because  its  price  was  wrong  from  the 
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beginning  or  because  competing  with 
free  offerings  is  getting  harder  as  more 
free  access  emerges.  (For  a  research  view 
of  the  difficulty  of  pricing  services  like 
this, see  DocFinder:  5126.) 

I  would  be  remiss  if  1  wrote  about  Wi-Fi 
and  did  not  mention  security.  Actually,  it’s 
Wi-Fi  that  is  remiss  in  the  security  depart¬ 
ment.  The  only  security  is  that  which  the 
user  brings  by  employing  secure  Web  or 
encrypted  tunnels  (that  is,  VPNs).  Real 
wireless  security  seems  around  the  cor¬ 
ner,  but  the  best  strategy  is  to  assume  it’s 
not  there  and  bring  your  own. 

Disclaimer:  “Around  the  corner”  for  a 
place  with  Harvard’s  long  history  could 
still  mean  “quite  a  while,”  but  the  above  is 
my  view  —  not  Harvard’s. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Systems. 
He  can  be  reached  at  sob@sobco.com. 
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I  CRM  market  is  flush  with  cash 

Siebel  continues  to  sell  more  CRM  applications  than  its  competitors,  despite 
declining  sales.  Siebel  logged  $700  million  in  CRM  software  revenue  in  2002. 
Meanwhile,  SAP  attributes  $450  million  of  its  2002  license  revenue  to  CRM 
applications,  according  to  Gartner.  PeopleSoft  reported  2002  license  revenue  of 
$530  million  —  for  its  entire  software  lineup,  including  ERP,  supply  chain,  portals 
and  analytic  applications.  PeopleSoft's  2002  CRM  revenue  is  likely  in  the  $80  mil¬ 
lion  to  $100  million  range,  while  Oracle's  is  probably  in  the  $200  million  range, 

P  says  Michael  Maoz,  vice  president  at  Gartner.  “Siebel,  even  with  all  its  current 
challenges,  has  software  revenue  in  the  CRM  space  that  equals  those  other  three 
vendors  combined,"  he  says. 

—  Ann  Bednarz 


porations  with  sophisticated  CRM  require¬ 
ments,  he  says.  “Microsoft  has  a  proven 
track  record  of  being  a  fierce  competitor. 
But  in  our  area  right  now,  they’ve  had  little 
to  no  impact,”  he  says. 

Technology  progress 

On  the  technology  front,  integration  “has 
become  the  bane  of  the  CRM  world’s  exis¬ 
tence,”  Rufo  says.  “Almost  every  CRM 
deployment  we  know  is  going  to  have 
some  element  of  back-office  systems  tied 


in.”  Whether  it’s  an  order-management  ap¬ 
plication,  credit-checking  software  or 
claims-processing  system,  companies  need 
to  link  their  existing  applications  to  CRM 
systems  to  make  the  most  of  the  software. 

To  make  its  own  integration  story  more 
compelling,  Siebel  last  year  unveiled 
Universal  Application  Network  (UAN),  its 
vendor-neutral  application-integration 
framework  designed  to  make  it  easier  for 
companies  to  integrate  data  and  cross¬ 
application  business  processes. 


UAN  is  one  of  the  most  innovative  tech¬ 
nologies  to  be  released  by  a  CRM  vendor 
in  recent  years,  Rufo  says.  One  key 
attribute  of  the  UAN  platform  is  that  it 
doesn’t  require  that  Siebel  software  con¬ 
trol  a  company’s  master  customer  data. 
Historically  most  CRM  vendors  required 
that  all  customer  data  get  ported  into  their 
system  before  it  could  work,  Rufo  says. 
UAN  lets  another  application  be  the  sys¬ 
tem  of  record,  she  says. 

“We  know  we’re  not  going  to  control  or 
own  all  the  data,”  Siebel’s  Nix  says.  UAN 
allows  for  the  ability  to  create  customer- 
focused  processes  that  cross  disparate 
data  sources,  he  says. 

The  software  maker  also  is  moving  from 
its  proprietary  core.  In  the  last  six  months, 
Siebel  has  announced  plans  to  port  its 
software  to  Microsoft’s  .Net  platform  and 
IBM’s  Java-based  WebSphere  platform, 
swapping  out  a  large  part  of  its  own  pro¬ 
prietary  application  server  in  the  process. 

It’s  a  significant  effort,  but  not  one  that 
will  be  completed  overnight,  Rufo  says.“It’s 
important  that  Siebel’s  application  set  will 
support  industry-standard  technologies. 
But  we’re  not  going  to  see  fruits  of  these 
announcements  in  the  market  until  the 
next  three  or  four  years,”  she  says.  ■ 


Citadel 

continued  from  page  23 

Software  and  Shavlik  Technologies,  is  to 
help  customers  detect,  prioritize,  assess  and 
quickly  fix  software  problems  before  they 
damage  systems  and  productivity 
Customers  say  they  use  Hercules  to  get 
the  maximum  benefit  from  the  vulnerabili¬ 
ty  scanners  they  use.  St.  Elizabeth’s  Medical 
Center  in  Beileview,  111.,  for  example,  uses 
several  scanners,  including  eEye’s  Retina. 
Hercules  aggregates  data  related  to  inse¬ 
cure  accounts  or  unnecessary  services 
such  as  an  unused  FTP  service  that  might 
present  a  security  risk.  Citadel  also  looks  for 
software  misconfigurations. 


The  vulnerability  scanners  that  St.  Eliza¬ 
beth’s  uses  are  “all  different  in  what  they 
find,”  says  Raleigh  Burns,  security  adminis¬ 
trator  at  the  medical  center.  Harris’  product, 
for  instance,  has  limited  ability  to  apply 
patches,  he  says.  So  using  Citadel  means 
the  hospital  can  get  maximum  benefit 
from  the  scanning  tools. 

St.  Elizabeth’s  automates  the  patch  man¬ 
agement  process  because  doing  it  manual¬ 
ly  is  time-consuming.  But  occasionally  an 
applied  patch  can  have  a  negative  affect 
on  the  application,  Burns  says. 

“You  can  break  stuff  really  easily  Burns 
says.  St.  Elizabeth’s  expects  to  make  use  of 
the  new  roll-back  function  in  Hercules 
Version  2.0. 


Carl  Banzhof,  CTO  of  Citadel,  says 
Hercules  2.0  is  getting  a  design  overhaul 
that  will  let  the  Hercules  management 
console  scale  beyond  the  1,200  or  so 
servers  and  desktops  it  can  manage  today 
to  handle  thousands  more,  though  a  pre¬ 
cise  number  isn’t  available.  Hercules  2.0 
costs  $995  per  server  and  $129  per 
workstation.  ■ 


■  Is  patch  management  a  risky 
proposition?  Columnist  Joel  Snyder 
says  installing  patches  should  not 
be  a  knee-jerk  reaction.  PAGE  33. 
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Push-to-talk  coming  to  a  net  near  you 

Nextel’s  popular  DirectConnect  feature  soon  to  be  imitated  by  other  wireless  carriers. 


■  BY  DENISE  PAPPALARDO 

The  largest  wireless  carriers  are  just 
now  scrambling  to  roll  out  their  own 
push-to-talk  capabilities  after  having 
watched  Nextel  make  hay  with  the  fea¬ 
ture  for  a  decade. 

The  move  means  more  users  will  gain  the 
ability  to  instantly  communicate  with  oth- 


■  AT&T  and  Siebel  Systems  have 
formed  a  strategic  alliance  that  is 
aimed  at  helping  customers  deploy 
and  manage  distributed  Siebel 
eBusiness  Applications.  The  com 
panies  say  the  alliance  will  make  it 
easier  for  customers  to  implement 
Siebel  software  by  using  AT&T's  net¬ 
work  and  application  performance 
management  services.  In  one  of  the 
first  joint  initiatives,  AT&T  will  provide 
a  network  optimization  analysis  for 
customers  implementing  Siebel  soft¬ 
ware  to  ensure  network  infrastructure 
is  designed  to  best  support  the  Siebel 
application.  Siebel  customers  also 
could  have  AT &T  host  and  manage 
the  Siebel  software,  AT&T  says. 

■  Level  3  Communications  is  sell 
ing  the  managed  hosting  business  it 
got  when  it  acquired  Genuity 
because  of  doubts  that  it  could 
quickly  become  profitable.  Level  3 
executives  say  managed  hosting 
doesn’t  fit  into  their  plans.  Under  a 
deal  announced  earlier  this  month, 
Computer  Sciences  Corp.  will 
assume  certain  lease  obligations  for 
data  centers  in  Chantilly,  Va.,  and 
Cambridge,  Mass.,  and  take  on  Level 
3’s  managed  hosting  customers.  CSC 
will  use  Level  3’s  network  for  its  host¬ 
ing  services  and  expects  to  bring  on 
125  of  Level  3’s  hosting  employees. 
The  transaction  is  expected  to  close 
by  the  end  of  the  second  quarter. 
Level  3  acquired  Genuity  for  $137  mil¬ 
lion  earlier  this  year. 


ers  using  their  wireless  handsets.  For  carri¬ 
ers  it  might  mean  more  revenue  and  lower 
customer  churn. 

Nextel  has  been  offering  its  Direct- 
Connect  feature  for  10  years.  The  feature 
has  recently  grown  in  popularity  as  it  has 
evolved  from  closed-user  groups  —  within 
a  company  or  department  —  to  its  current 
platform  that  lets  DirectConnect  users 
instantly  chat  with  others  within  their  geo¬ 
graphic  region. 

The  service  completes  and  sets  up 
calls  almost  instantaneously,  says  Blair 
Kutrow,  vice  president  of  product  man¬ 
agement  at  Nextel. 

“Users  push  the  button  and  have  the  floor 
to  communicate.  In  a  matter  of  milli¬ 
seconds  the  person  they  are  trying  to  con¬ 
tact  receives  that  information  and  chooses 
to  accept  or  ignore  the  call,”  she  says.  Cus¬ 
tomer  have  a  list  of  DirectConnect  users 
programmed  into  their  handset  that  they 
can  connect  to  immediately  by  highlight¬ 
ing  a  name  and  pushing  a  button.  Users 
also  can  initiate  group  DirectConnect  calls 
by  highlighting  multiple  names. 

Later  this  year,  Nextel  plans  to  offer  na¬ 
tional  support  for  DirectConnect.  National 
DirectConnect  would  let  users  chat 
instantly  with  all  DirectConnect  cus¬ 
tomers  throughout  the  U.S.  Nextel  is  in  the 
process  of  upgrading  its  network  and 
plans  to  first  offer  national  support  in 
Boston  and  Los  Angeles  by  the  end  of  the 
third  quarter,  Kutrow  says. 

Competitors  are  readying  their  own  push- 
to-talk  services.  Verizon  Wireless  and  Sprint 
PCS  say  they  will  roll  out  push-to-talk  in  the 
second  half  of  the  year. 

Cingular  would  not  say  when  it  might 
offer  push-to-talk,  but  the  carrier,  with  AT&T 
Wireless,  is  backing  push-to-talk  standards 
development.  In  February  Ericsson,  Nokia 
and  Siemens  announced  they  are  working 
on  an  open  standard  to  support  push-to- 
talk  over  GSM,  General  Packet  Radio 
Service  and  Enhanced  Data  Rates  for 
Global  Evolution  networks. 

Nextel’s  network  is  based  on  Motorola’s 
proprietary  integrated  digital  enhanced 
network  (iDEN)  technology  Nextel  is  the 
only  provider  in  the  U.S.  to  support  a 
national  iDEN  network. 

The  goal  of  the  specification  is  to  support 
push-to-talk  communications  over  multiple 
networks,  says  Tapio  Heikkila,  director  of 
business  development  at  Nokia.  Nokia  has 
been  working  on  the  technology  for  a  few 


Customer  loyalty 

Nextel  is  the  only  carrier  to  offer 
push-to-talk  and  it  has  the  lowest 
customer  churn  rate,  which  is  one 
reason  its  competitors  plan  to  offer 
the  feature  soon. 
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years,  but  joined  with  Ericsson  and  Sie¬ 
mens  to  be  sure  it  wasn’t  creating  pockets 
of  users  that  couldn’t  communicate  with 
each  other,  Heikkila  says.  The  group  plans 
to  test  the  technology  with  wireless  service 
providers  later  this  year. 

AT&T  Wireless  says  it  will  trial  the  tech¬ 
nology  in  a  few  markets  by  year-end,  but 
Nokia  would  not  say  which  additional 
carriers  will  participate  in  its  push-to-talk 
technology  trial. 

Why  are  other  wireless  service  providers 
so  keen  to  get  into  the  push-to-talk  game 
now? The  two  prime  reasons  are  additional 
revenue  and  lower  churn,  says  Tole  Hart, 
senior  analyst  at  Gartner. 

“Nextel  has  been  very  successful  with  its 
[DirectConnect]  service,”  Hart  says.  “The 
average  [monthly]  revenue  per  subscriber 
for  Nextel  is  high  at  $70  last  year. . . .  That’s 
much  higher  than  Nextel’s  competitors.” 

Sprint  PCS  is  the  closest,  with  average  per- 
subscriber  revenue  of  $62,  followed  by 
AT&T  with  $60,  Verizon  Wireless  with  $52 
and  Cingular  with  $51,  he  says. 

Nextel  brings  in  more  revenue  because 
the  majority  of  its  customers  are  business 
users  who  tend  to  spend  more  on  services 
and  use  their  handsets  more  often. 

The  New  England  Patriots  off-field  per¬ 
sonnel  have  been  using  Nextel’s  Direct¬ 
Connect  feature  for  about  four  years. 

“We  used  to  have  clunky  two-way  radios 
and  cell  phones  among  other  things  that 
we  had  to  lug  around  on  game  day  and 
event  days,"  says  Lou  Imbriano,  vice  presi¬ 


dent  and  chief  marketing  officer  for  the 
football  team  and  its  Gillette  Stadium  in 
Foxborough,  Mass. 

“Now  we  have  one  small  device  that  we 
use  to  quickly  communicate  with  every¬ 
one  on  our  team,”  he  says.  About  300 
employees  communicate  via  DirectCon¬ 
nect  on  game  day  and  about  120  people 
use  the  service  daily 

Imbriano  is  looking  forward  to  Direct- 
Connect’s  expanded  reach. 

“The  national  stuff  is  the  best  part  for  us. 
We  do  about  40  event  days  at  the  stadium, 
but  we  also  do  150  events  outside  the  sta¬ 
dium  throughout  New  England  and  other 
parts  of  the  country?’  he  says. 

While  Nextel’s  service  is  more  popular 
with  corporate  customers  and  consumers, 
the  majority  of  DirectConnect  users  are  in 
field  service  and  trade  industries. 

“With  one  hand  you  click  and  you’re 
talking,”  Hart  says.  The  ease  of  use  and 
instant  contact  has  made  the  service  pop¬ 
ular  with  plumbers,  construction  workers 
and  landscapers. 

Although  Nextel  has  a  corner  on  the  mar¬ 
ket,  it  sees  competitors  approaching.  It 
doesn’t  seem  worried. 

“Imitation  is  the  highest  form  of  flat¬ 
tery”  Kutrow  says.“We’ve  demonstrated  to 
our  customers  a  consistent,  high-level 
quality  of  service  over  the  last  several 
years.  Our  experience  shows  we  know 
how  to  make  it  work. 

“We  complete  150  million  DirectConnect 
calls  a  day  on  our  network,”  she  says. 

When  asked  if  the  New  England  Patriots 
might  consider  push-to-talk  services  from 
other  wireless  carriers  as  new  services 
emerge,  Imbriano  says,  “smart  business 
people  never  shut  doors,  but  [other  service 
providers]  would  have  to  go  a  long  way  to 

beat  out  Nextel _ We  wouldn’t  be  a  test 

case  for  anyone.”  ■ 


More  online! 


Check  out  the  latest  wireless  plans 
for  business  users. 
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Getting  service  providers  back  on  track 


It  seems  as  though  half  my  columns 
this  year  have  been  about  the  failings 
of  service  providers.  I’ve  gotten  a  few 
heated  notes  from  telecom  employees 
asking, “Why  do  you  keep  beating  us  up?” 
and  many  more  comments  from  IT  exec¬ 


utives  saying, “Right  on!  Way  to  go!” 

Much  of  my  frustration  stems  from  the 
fact  that  these  companies  are  positioned 
to  take  advantage  of  many  trends  under 
way  in  the  IT  industry  —  and  yet  they’re 
floundering. 


What  do  I  mean?  Here  are  a  few  strengths 
of  the  service  providers,  particularly  the  tra¬ 
ditional  telephone  companies: 

Scale.  As  former  IBM  CEO  Lou  Gerstner 
says  in  his  book,  Who  Says  Elephants  Can't 
Dance?." Big  matters.  Size  can  be  leveraged. 
Breadth  and  depth  allow  for  greater  invest¬ 
ment,  greater  risk  taking,  and  longer 
patience  for  future  payoff.”  This  is  the  guy 
who  transformed  IBM  from  an  also-ran  with 
outdated,  overpriced  technology  into  the 


. . .  these  companies  are 
positioned  to  take  ad¬ 
vantage  of  many  trends 
under  way  in  the  IT 
industry  -  and  yet 
they're  floundering. 


worlds  leading  provider  of  e-business  solu¬ 
tions  and  integration  services.  He  knows  a 
thing  or  two  about  leveraging  assets. 

Talent.  I’ve  said  it  before,  but  it  bears 
repeating:  Telcos  have  some  of  the  finest 
technical,  project  management, and  opera¬ 
tional  expertise  in  the  world.  And  their 
employees  tend  to  be  exceptionally  loyal 
and  committed. 

Customer  access.  Despite  deep  inroads 
by  determined  competitors,  it’s  fair  to  say 
that  between  them,  AT&T,  Sprint,  World¬ 
Com,  Verizon,  SBC,  BellSouth  and  Qwest 
can  count  approximately  90%  of  U.S.  busi¬ 
nesses  as  customers.  A  firm  that  does  abso¬ 
lutely  no  business  with  any  of  the  tradi¬ 
tional  telcos  is  rare.  Your  average  start-up 
CEO  would  ransom  family  members  to  get 
this  kind  of  customer  access. 

Intellectual  property.  Telcos  have  main¬ 
tained  some  of  the  best  research  facilities. 
The  intellectual  property  locked  up  in  ser¬ 
vice  providers  alone  could  launch  a  new 
wave  of  IT  innovation*  and  keep  venture 
capitalists  in  Jaguars  for  decades. 

So  what’s  missing?  Part  of  the  answer  is 
highlighted  in  another  must-read  book, 
Clayton  Christensen’s  The  Innovator's  Di¬ 
lemma.  Christensen  (who  coined  the  term 
“disruptive  technologies")  demonstrates 
that  great  companies  can  fail  by  getting  too 
good  at  delivering  exactly  what  their  cus¬ 
tomers  want  in  a  product  —  and  missing 
the  opportunity  to  roll  out  other  products 
their  customers  might  want  even  more. 

What  should  the  traditional  telcos  do? 
For  starters,  recognize  that  they’re  truly  in 
crisis: They’re  selling  the  world’s  best  buggy 
whips  in  the  automotive  age.  Then  they 
should  recognize  the  assets  they  have,  and 
figure  out  a  way  to  build  on  them.  And  they 
should  remember  that  they  can  do  it. 

If  Big  Blue  succeeded, so  can  Ma  Bell. 


Johnson  is  president  and  chief  research 
officer  at  Nernertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 
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Avoiding  Wi-Fi  surprises 

Buying  today’s  prestandard  802.1 1g  gear  could  create  problems  in  the  future. 


■  BY  TONI  KISTNER 

Enterprise  firms  won’t  invest  in  802. 1  lg 
products  before  the  standard  is  ratified  this 
summer.  But  small  offices/home  offices 
and  consumers  are  buying  products  by  the 
bucket  load.  Most  vendors  say  prestandard 
gear  will  require  only  a  firmware  upgrade 
to  interoperate  with  products  built  using 
the  final  specification.  But  there’s  no  way  to 
know  for  sure  until  the  standard  is  ratified 
and  interoperability  is  tested.  Until  then, 
here’s  what  you  need  to  know  to  make 
smart  buying  decisions  today 

Overall,  the  SOHO  hardware  companies 
that  offer  pre-g  are  producing  comparable 
products.  But  differences  in  chipset  designs 
and  iterations  of  the  802.1  lg  specification 
vary  so  it  helps  to  know  what’s  under  the 
hood  (see  graphic,  right). 

The  two  concerns  are  interoperability 
and  performance.  How  well  an  802.1  lg 
product  works  with  802.1  lb  products  from 
the  same  and  other  manufacturers,  and 
how  well  it  works  with  802.1  lg  products 
from  other  vendors,  will  also  vary  —  today 
and  later  on  when  the  standard  is  ratified. 

Experts  agree  most  products  will  work 
together  on  the  same  network;  the  ques¬ 
tion  is  how  well. There  might  be  problems 
with  encryption  standards  and  processing 
that  need  more  power  than  some  chips 
can  support,  says  Alan  Nogee,  senior  ana¬ 
lyst  at  In-Stat/MDR. 

And  on  ad  hoc  networks,  where  clients 
communicate  without  using  an  access 
point,  early  802.1  lg  products  might  block 
transmissions  from  802.11b  clients,  says 


■  SMC  Networks  recently  announ¬ 
ced  a  wireless  DSL  router  for  small 
offices.  The  Barricade  Wireless 
DSL  Router  includes  a  DSL  modem, 
four-port  switch,  802.11b  wireless 
access  point  and  print  server.  Secur¬ 
ity  features  include  a  stateful  packet 
inspection  firewall,  content  filtering 
and  VPN  tunneling.  The  box  is  avail¬ 
able  now  through  service  providers 
and  costs  $200. 


Rich  Redelfs,  of  Atheros  Communications. 

The  bigger  question  is  performance.  Be¬ 
fore  buying,  consider  your  network  needs. 
The  maximum  speed  you  can  get  on  a 
pure  802.1  lg  network  is  24M  bit/sec.  How¬ 
ever,  once  you  add  802.11b  clients  to  the 
network,  speeds  will  suffer. 

Until  the  specification  is  ratified, it  helps  to 
know  which  vendor’s  chipset  is  in  your 
gear.  Broadcom  stresses  performance  over 
interoperability;  Intersil  stresses  interoper¬ 
ability  and  Wi-Fi  compliance  over  per¬ 
formance.  Broadcom  argues  that  some 
aspects  of  the  final  standard  impede  per¬ 
formance  unnecessarily 

At  issue  is  how  802.11b  and  802.1  lg 
clients  communicate.  While  each  transmits 
data  over  the  same  2.4-GHz  frequency  each 
speaks  a  different  language  (802.11b 
speaks  CCK,  or  complimentary  code  key¬ 
ing,  and  802.1  lg  speaks  OFDM, Orthogonal 
Frequency  Division  Multiplexing).  Because 
802.1  lg  is  backward-compatible,  it  speaks 
both  CCK  and  OFDM.  However,  802.11b 
clients  can’t  speak  OFDM,  nor  can  they 
recognize  when  an  802.1  lg  client  is  trans¬ 
mitting  data. As  a  result, 802.1  lb  clients  can 
“step  on”  802.1  lg  clients  by  transmitting 
data  simultaneously  creating  packet  colli¬ 
sions  that  slow  the  network. 

To  address  this,  the  IEEE  added  a  mecha¬ 
nism  called  protective  mode  to  the  final 
specification. This  ensures  that  on  a  mixed 
802.11b  and  802.1  lg  network,  all  clients 
check  with  the  access  point  before  trans¬ 
mitting  data,  to  ensure  the  channel  is  clear. 
But  protective  mode  also  slows  the  network 
to  a  maximum  14.4M  bit/sec,  Redelfs  says. 


■  Gric  Communications,  which  pro 
vides  mobile  users  dial-up  Internet 
access  worldwide,  recently  announced 
a  broadband  service  using  Wi-Fi  and 
Ethernet.  By  signing  agreements  with 
21  Wi-Fi  service  providers,  Gric  provides 
users  access  to  700  wireless  hot  spots 
and  nearly  500  hotel  locations,  and 
Ethernet  access  in  more  than  100,000 
hotel  rooms.  In  the  coming  months, 

Gric  plans  to  increase  the  number  of 
Wi-Fi  and  Ethernet  locations  to  be¬ 
tween  4,000  and  6,000  in  about  31  coun¬ 
tries.  The  service  costs  $39  per  user, 
per  month. 


Many  products  now  on  the  market  use 
Broadcom’s  chip,  which  doesn’t  have  pro¬ 
tection  activated.  For  products  using  Inter¬ 
sil’s  chip,  this  isn’t  a  concern  because  In¬ 
tersil  always  has  supported  protection. 

As  important  a  factor  in  performance  is 
your  network’s  topology  If,  for  instance,  you 
have  several  802.1  lg  clients  and  only  one 
802.1  lb, you  might  get  better  performance 
with  today’s  prestandard  products  that 
don’t  use  protection.  Or  possibly  if  you  have 
a  pure-g  network,  which  has  protection 
activated,  and  your  neighbor  has  an 
802.11b  network,  your  access  point  might 
pick  up  the  neighbor’s  802.1  lb  signal, drag¬ 
ging  down  your  802.1  lg  network.  In  other 
words,  the  slowdown  created  by  packet 
collisions  could  affect  your  network  less 
than  the  overall  use  of  protection.  (Later 
this  spring,  look  for  a  comparative  review  of 
prestandard  802. 1 1  g  products  from  Net¬ 
work  World’s  Test  Alliance.) 

While  tech-sawy  users  routinely  down¬ 
load  firmware  updates,  the  process  is  fairly 
complicated,  and  if  mishandled,  could 
destroy  the  hardware.  Firmware  is  software 
that  resides  in  flash  memory  on  the  hard¬ 
ware’s  host  processor.  Firmware  is  first 
downloaded  onto  the  PC,  then  transferred 
to  the  hardware  device.  The  catch  is  the 
flash  memory  also  contains  the  operating 
system  for  the  hardware, so  if  the  download 
fails,  the  operating  system  is  corrupted  and 
the  hardware  ruined. 

For  the  most  part,  SOHO  vendors  all  are 
posting  firmware  updates  on  their  Web 
sites,  and  all  say  they  will  provide  a 
firmware  and/or  software  upgrade  to  the 
final  specification.The  notable  exception  is 
Buffalo  Technologies,  which  also  promises 
to  provide  a  new  product  if  the  old  one 
fails  to  work  properly  with  the  final  stan¬ 
dard.  This  guarantee  even  covers  cus¬ 
tomers  who  ruin  their  gear  during  the 
firmware  upgrade. 

This  summer,  the  first  Wi-Fi  certified  prod¬ 
ucts  will  reach  store  shelves,  offering  con¬ 
sumers  some  guidance  on  interoperability. 
But  today  if  speed  is  most  important  to  you, 
use  only  802.1  lg  equipment,  preferably  all 
from  the  same  vendor  or  at  minimum  from 
the  same  chip  manufacturer.  If  you’re  con¬ 
cerned  about  protecting  your  investment, 
go  with  Buffalo.  If  you  have  an  existing 
802.11b  network  and  plan  to  expand,  but 
speed  isn’t  paramount,  wait  until  the  stan¬ 
dard  is  ratified, and  then  buy  only  products 
with  theWi-Fi  certified  label.  ■ 


Vendors’  vows 

While  all  promise  to  provide  firm¬ 
ware  and/or  driver  upgrades 
to  maintain  compatibility  with 
future  802.11g  products,  official 
policies  vary. 


•  Hardware  vendor:  Belkin 
Chipset  vendor:  Broadcom 
Product  policy:  Initial  policy:  "We 
guarantee  compatibility,  even  if  we 
have  to  replace  the  customer's  unit." 
Policy  change  as  of  March  28:  “Our 
products  are  firmware  and  drive  up¬ 
gradable  [to  the  final  spec].” 

•  Hardware  vendor:  Buffalo 
Technologies  (U.S.) 

Chipset  vendor:  Broadcom 
Product  policy:  "If  the  products 
change  materially  once  the  standard 
is  certified,  we  will  replace  the  pro¬ 
ducts  at  no  cost.” 

•  Hardware  vendor:  D-Link  Systems 
Chipset  vendor:  Intersil  for  802. 

1  lg;  Atheros  for  802.1  la+g  adapters 
Product  policy:  "It's  likely  all  that 
will  be  needed  is  a  firmware  upgrade, 
provided  no  major  changes  are  made 
to  the  final  draft." 

•  Hardware  vendor:  Linksys 
Chipset  vendor:  Broadcom  for  802. 

I  lg;  Atheros  for802.11a+g  adapters 
Product  policy:  “We  suspect  that 
no  more  than  a  firmware  or  driver 
may  be  necessary  to  become  802.11g- 
compliant;  we  can't  guarantee  com¬ 
patibility  with  a  standard  that  is  not 
official.” 

•  Hardware  vendor:  Netgear 
Chipset  vendor:  Intersil  for  802. 

I I  g;  Atheros  for802.11a+g  adapters 
Product  policy:  “We’re  confident 
we  will  be  able  to  address  any 
changes  between  current  shipping 
products  and  the  final  802.1  lg  spe¬ 
cification  through  firmware 
upgrades." 

•  Hardware  vendor:  SMC  Networks 
Chipset  vendor:  Intersil 
Product  policy:  "Draft  products 
will  be  compatible  with  the  finalized 
spec.” 


Be  part  of  the  one  can't-miss  event  for  serious 
networking  and  IT  professionals. 


NETWORLD+INTEROP  LAS  VEGAS  2003 


Networking  is  changing  faster  than  any  segment  of  the  information 
world,  and  transforming  the  way  we  develop  and  deploy  applications. 
NetWorld+Interop  is  the  one  event  that  gives  you  the  chance  to  see  the 
latest  products  and  solutions  while  you  meet  with  the  best  and  brightest 


In  Las  Vegas  this  spring  you'll  find  the  ultimate  networking 
experience  and  real-world  solutions  in  these  key  areas: 


■  Security 

■  Wireless 

■  Storage 

■  Network  Management 


■  Convergence 

■  Web  Services 

■  And  more! 


AUTONOMIC 
COMPUTING  DAY 

Presented  by  IBM 
and  featuring 


KEYNOTE 


PRESENTATIONS 


John  Chambers 
President  and  CEO, 
Cisco  Systems,  Inc. 


Gordon  L.  Stitt 
CEO, 

Extreme  Networks 


Joseph  M.  Tucci 
President  and  CEO, 
EMC  Corporation 


Mark  Lewis 

Executive  VP,  New 
Ventures  and  CTO, 
EMC  Corporation 


Richard  M.  Russell 

Associate  Director 
for  Technology, 
The  White  House, 
Office  of  Science  and 
Technology  Policy 


Sanjay  Kumar 
Chairman  and  CEO, 
Computer  Associates 


Alan  Ganek 

Vice  President, 
IBM  Autonomic 
Computing 


Power  of  Networking  Innovation 

at  NetWorld+Interop 


or  call  81 

NOTE:  Please  use  Coupon  Code  493  and  Priority  Code  NTMG6  when  registering 


CONFERENCE:  APRIL  27-MAY  2,  2003  EXHIBITION:  APRIL  29-MAY  1,  2003  LAS  VEGAS  CONVENTION  CENTER 


Copyright  ©  2003  Key3Medla  Events,  Inc.  303  Vmlage  Park  Drive,  Foster  City,  CA  94404-1 135  All  Rights  Reserved. 
Key3Media,  NetWorid,  NetWOrld+lnterop,  Interop,  and  associated  design  marks  and  logos  are  trademarks  owned  or  used  under 
license  by  Key3Medla  Events,  Inc.  and  may  be  registered  in  the  United  States  and  other  countries.  Other  names  mentioned  may 
be  the  trademark  of  their  respectrve  owners. 


A  Key3Media 
Group  Event 


OFFICIAL  CORPORATE 
SPONSOR  OF 
KEY3MEDIA  GROUP 


Mercedes-Benz 


Artificial  intelligence  scopes  out  spam 


■  BY  DAVE  STRICKLER 

In  the  cat-and-mouse  game  of  the  anti¬ 
spam  industry  staying  one  step  ahead  of 
spammers  is  difficult  because  they  con¬ 
stantly  exploit  the  weaknesses  of  email 
keyword  filtering.  But  the  newest  artificial- 
intelligence  filtering  technology  may 
adapt  faster  than  the  spammers  can  alter 
their  messages. 

Artificial  intelligence  techniques  closely 
resemble  the  way  our  brains  learn.  Once 
we  learn  a  skill,  we  use  it  to  reason  with. 
Using  artificial  intelligence  to  detect  spam 
is  done  in  the  same  way 

Natural-language  processors  serve  as 
powerful  artificial  intelligence  tools  in  the 
fight  against  spam.  These  processors, 
which  actually  are  an  array  of  complex 
algorithms,  scan  e-mail  messages  to  dis¬ 
cover  the  content  of  the  messages.  The 
algorithms  are  packaged  into  mail-filter¬ 
ing  software,  which  generally  sits  outside  a 
firewall  or  at  an  application  service 
providers  network. 

Artificial  intelligence  mail-filtering  soft¬ 
ware  accepts  all  in-bound  e-mail  traffic, 
routing  legitimate  traffic  to  a  corporate 
SMTP  server  and  flagging  other  messages 


Got  great  ideas 


■  Network  World  is  looking  for  great 
ideas  for  future  Tech  Updates.  If  you 
want  to  contribute  a  primer  on  a  spe¬ 
cific  technology,  standard  or  protocol, 
contact  Amy  Schurr,  senior  managing 
editor,  features  (aschurr®  nww.com). 


as  spam.  Suspect  e-mail  is  sent  to  a  quaran¬ 
tine  area  where  an  administrator  can  view 
the  contents  to  determine  whether  to  dis¬ 
card  it  or  pass  it  along. 

Humans  can  quickly  skim  a  message  to 
judge  if  it  is  spam.  Referencing  keywords 
by  their  location  in  a  sentence  lets  us 
understand  the  difference  between 
“chicken  breasts”  as  food  and  “bare 
breasts”  as  pornography  Similarly,  natural- 
language  algorithms  break 

down  messages  into  sentences  7. 

_ , _ _ . _ . _  ©E-mail  messages 


are  sent  over  the 
Internet  to  cor¬ 
porate  users. 


and  analyze  their  meaning. 

With  considerable  processing 
effort,  natural-language  process¬ 
ing  technology  pieces  together 
the  meaning  of  messages  by  analyzing  the 
words,  sentences  and  paragraphs  in  the 
reverse  order  from  which  the  algorithms 
originally  took  them  apart. 

Consider  this  e-mail  example:“These  deli¬ 
cious  chicken  breasts  look  good  enough  to 
eat  —  let’s  cook  out  tonight.  If  you  can 
bring  Bill,  call  me  at  work,  800-262-2222 
x231.  Oh,  and  check  out  the  pictures  from 
our  last  cookout  at  www.ophoto.com/ 
2623/party_pictures>.”  A  standard  keyword 
analysis  would  flag  the  terms: 

breasts,  look  good,  toll  free  q  Legitimate  messages 
number, Web  site  URL.  But  arti-  ^  ajiowed  to 

ficial  intelligence  analysis  traverse  the  firewall 

would  determine  the  message  and  travel  to  a  mail 
was  an  invitation  to  dinner.  server,  which  then 

In  the  example,  keyword-fil-  delivers  them  to  the 

.  .  .  .  V  .  ,  .  appropriate  users, 

tering  technology  picks  out  ^ _ 

pieces  of  the  sentence  with¬ 
out  really  understanding  its  meaning.  Its 
selective  hearing  incorrectly  determines 
that  the  sentence  is  pornographic. 

Another  challenge  is  picking  out  legiti¬ 
mate  business  correspondence.  For  exam¬ 
ple,  an  e-mail  from  a  mortgage  broker  to  a 


HOW  IT  WORKS 

Natural-language 

processors 

Natural-language  processors 
use  complex  algorithms  to 
analyze  e-mail  content  and 
filter  spam. 


filtering 


Before  the  e-mail  arrives  at  a 
company’s  e-mail  server,  an 
artificial-intelligence  processor 
intercepts  the  messages.  The 
software  analyzes  the  messages 
to  determine  if  they  are  clean 
enough  to  pass  on  to  the  firewall. 


Artificial-intelligence  e-mail 
filtering  software  flags  any 
messages  with  questionable 
material  and  sends  them  to  a 
spam  holding  area,  where  an 
e-mail  administrator  can  review 
their  contents  and  take  further 
action  if  necessary. 


client  might  say  “Sam,  I  did  some  digging, 
and  I  found  some  unbelievably  low  mort¬ 
gage  rates  with  no  money  down  this  morn¬ 
ing.  If  you  want  to  get  one,  you’ll  need  to 
call  me  today  so  I  can  lock  the  rate  in  for 
you.  One  of  the  rates  expires  at  midnight 
tonight.”  A  standard  keyword  analysis 
would  classify  the  message  as  spam  based 
on  the  terms:  Low  mortgage  rates,  no 
money  down, expires  at  midnight.  However, 
artificial  intelligence  analysis  would  reveal 
that  this  was  a  corre¬ 
spondence  regarding 
mortgages. 

Even  the  sharpest 
artificial  intelligence 
techniques  might 
question  the  analysis 
of  a  message  itself,  but 
a  final  determination 
goes  beyond  the  text.  For  example,  trans- 
mission-pattern  techniques  look  at  when 
messages  were  sent,  who  sent  them 
and  where  they  originated.  Say  the 
mortgage  message  above  came 
from  the  same  address  as  12  other 
messages  sent  in  the  past  week. These 
all  came  from  the  same  server,  during 
normal  business  hours,  and  none  looked 
like  spam.  Clearly  this  makes  a  reasonable 
case  in  defense  of  this  message.  Other  fil¬ 
tering  techniques,  however,  might  toss  the 
same  e-mail  into  the  trash. 

While  there  never  will  be  a  sys¬ 
tem  that  stops  100%  of  spam, 
artificial  intelligence  techniques 
come  closer  to  that  goal  than 
ever  before. 


S trickier,  CEO  of  Mail  Wise,  can 
be  reached  at  dstrickler 
@mailwise.com. 


Dr.  Internet  By  Steve  Blass 

We  want  to  connect  three  LANs  in  Sheboygan, 
Wis.,  to  servers  in  Chicago  and  St.  Louis.  We 
want  to  use  either  private  line  or  frame  relay 
instead  of  the  Internet  How  many  access  lines 
and  router  ports  will  we  need  for  private  line  vs. 
frame  relay?  Also,  how  would  we  upgrade  later 
to  connect  Chicago  and  St.  Louis  in  each  case? 

Private-line  networks  require  point-to-point  con¬ 
nectivity  between  endpoints.  Connecting  three 
sites  requires  two  end-to-end  connections.  The 


easiest  way  is  to  connect  Sheboygan  to  Chicago 
with  one  line,  and  Sheboygan  to  St.  Louis  with 
another.  Pricing  might  influence  your  hub  and 
spoke  network  choices  —  you  might  have  to  route 
network  traffic  from  Sheboygan  to  St.  Louis 
through  Chicago.  All  three  nodes  can  communi¬ 
cate  with  each  other  once  two  spokes  are 
attached  to  a  hub  by  configuring  the  hub  node  to 
relay  traffic  between  the  spoke  nodes.  Upgrading 
a  private-line  network  to  provide  an  additional 
direct  point-to-point  connection  requires  installing 


another  private  line.  With  frame  relay,  you  can 
connect  each  site  to  the  frame  relay  network, 
and  configure  virtual  circuits  in  the  frame  relay 
network  to  simulate  point-to-point  private-line  net¬ 
work  connections.  Directly  connecting  more 
frame  relay  sites  to  each  other  requires  configur¬ 
ing  more  virtual  circuits. 

Blass  is  a  network  architect  at  C.hange@Work  in 
Houston.  He  can  be  reached  at  dr.internet@ 
changeatwork.  com. 
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INSiDE  THE 
NETWORK 
MACHINE 

Mark 

Gibbs 


So  we  were  talking  about  the  Windows 
registry  last  week  and  reader  Keith 
Medcalf  wrote  in  to  point  out  that, 
“Actually,  the  registry  was  invented  by  IBM 
for  Presentation  Manager  (the  graphical 
interface  layer  to  OS/2)  in  1988-89.  .  .  . 
Microsoft,  having  access  to  the  registry 
under  the  Joint  Application  Development, 
used  the  registry  database  for  its  own 
Windows  system.”  Medcalf  also  notes  that 
“the  registry  first  appeared  in  Windows 
Version  3.0,  for  registration  of  DDE  [which 
morphed  into  OLE],  which  Microsoft  later 
adapted  and  renamed  ActiveX.” 

Medcalf  goes  on  about  the  history  and 
concludes  by  pointing  out,  “Microsoft  did 
promote  using  the  registry  to  store  applica¬ 
tion  configuration  information, and  eventu¬ 
ally  over  time  moved  all  configuration 
information. . .  .This  misadventure  led  to  the 
situation  that  exists  today  —  the  chicken 
and  egg  problem.  You  cannot  correct  an 
error  in  the  registry  unless  the  operating 
system  is  fully  operating.  Of  course,  the  pri¬ 
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mary  reason  for  needing  to  edit  the  registry 
is  because  something  is  broken,  and  if 
something  is  broken  you  cannot  run 
enough  of  the  operating  system  to  edit  the 
registry  Microsoft  introduced  all  sorts  of 
shenanigans  to  get  around  this  silly  state  of 
affairs  so  they  created  “Safe  Mode”, 
“Recovery  Console” /‘Safe  Mode  VGA  Only” 
[and  so  on].” 

Thanks,  Mr.  Medcalf.  We  are  not  surprised 
to  find  that  the  whole  mess  is  even  worse, 
architecturally  and  practically  speaking, 
than  we  ever  thought. 

Last  week  we  mentioned  the  registry 
hives  and  you  might  have  concluded  that 
there  are  five  of  them,  which  is  how  things 
appear.  Actually,  there  are  only  two: 
H  KE  Y_LOC  AL_M  ACH I N  E  and  HKEY_ 
USERS.  The  other  hives  are  subtrees  of  the 
data  in  the  two  real  hives  —  this  is  partly  for 
convenience  to  make  accessing  the  data 
simpler  and  partly  for  compatibility 

Thus,  HKEY_CURRENT_CONFIG  is  an 
alias  for  HKEY_LOCAL_MACHINE\SYS- 
TEM\CurrentControlSet\Hardware 
ProfilesNCurrent,  and  HKEY_CLASSES_ 
ROOT  is  an  alias  for  HKEY_LOCAL_ 
MACHlNE\SOFIWARE\Classes. 

HKEY_CURRENT_USER  is  a  little  differ¬ 
ent:  It  points  to  one  of  the  subkeys  of 
HKEY_USERS  —  which  one  depends  on 
the  security  identifier  (SID)  of  the  currently 


logged-on  user  of  the  operating  system. 

SIDs  are  long  numeric  sequences  such  as 
“  HKEY_USERS\S- 1-5-2 1-72  5  34  5543- 
1580436667-839522115-1003,”  and  they  are 
unique.  This  means  that  Windows  can 
never  reuse  a  SID.  So  while  a  name  associ¬ 
ated  with  a  SID  (such  as  the  name  of  a  user, 
group  or  domain)  might  change,  the  value 
of  the  SID  will  not. 

Note  that  encoded  in  the  SID  value  is  the 
ID  of  the  domain  that  issued  the  SID.  A  con¬ 
sequence  of  this  is  that  if  you  migrate  users 
or  groups  from  one  domain  to  another,  a 
new  SID  must  be  issued  so  the  original 
access  permissions  for  those  entities  will 
change. 

The  logical  structure  of  the  registry 
appears  to  be  five  root  keys  or  hives,  but  is 
actually  two  root  keys  and  three  aliases  to 
subkeys  of  those  root  keys.  The  hives  are 
stored  in  several  separate  files  on  disk 

For  the  following  subkeys  under  the 
HKEY_LOCAL_MACHINE  hive  you’ll  find 
the  following  files  under  “%systemroot%\ 
system32\config”  (we’ve  listed  them  as 
Hive  subkey  —  Files):  SAM  —  Sam, 
Sam. log,  Sam.sav;  Security  —  Security, 
Security.log,  Security.sav;  Software  — 
Software,  Software.log,  Software.sav;  System 
—  System,  System.alt,  System.log, 
System.sav. 

You’ll  also  find  the  hive  HKEY_CUR- 
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RENT_CONFIG  under  “%systemroot%\ 
system32\config"  in  the  files  System, 
System.alt,  System.log  and  System.sav; 
while  the  files  for  HKEY_CURRENT_USER 
(Ntuser.dat,  Ntuser.dat.log)  and  KEY_ 
USERS\DEFAULT  (Default, Default.log, 
Default.sav)  are  found  under  “%system- 
root%\%userprofile%”. 

In  the  above  lists,  a  file  name  with  no 
extension  is  a  complete  copy  of  the  hive 
data,  while  a  “log”  file  is  a  log  of  changes  to 
the  keys  and  values. 

Also, “alt”  files  are  back-up  copies  of  their 
respective  subkeys  under  the  HKEY_ 
LOCAL_MACHINE\System  hive.  Only  the 
System  key  has  an  .alt  file  and  so  the  rea¬ 
son  HKEY_CURRENT_CONFIG  has  one 
because  it  is  actually  a  subkey  (or  subhive) 
of  the  System  key 

Finally, “sav”  files  are  copies  of  hive  files, as 
they  were  at  the  end  of  the  text-mode  stage 
in  Windows  setup  to  save  the  configuration 
data  should  the  graphics-mode  stage  of 
setup  fail.  So  if  setup  goes  “THUD!”  in  the 
graphics-mode  stage,  the  hive  data  is 
restored  from  the  “sav”  file  on  restart  and 
only  the  graphics-mode  stage  is  repeated. 
Groovy 

“Enough”  you  cry  . . .  just  you  wait  until 
next  week! 

“Woe  is  us” to  gearhead@gibbs.com. 


Cool 

Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Security  and  surveillance  cameras  continue  to  move 
from  analog-based  systems  to  digital,  which  lets 
companies  move  video  over  their  existing  IP-based 
data  networks. 

Sometimes,  however,  the  images  from  these  security 
cameras  (both  digital  and  analog)  —  especially  in  unusu¬ 
ally  bright  or  dark  situations  —  often  appear  blurry,  or  are 
so  saturated  with  light  you  can’t  see  a  thing.  A  security 
camera  that  provides  a  horrible  image  isn’t  really  protect¬ 
ing  your  company,  is  it? 

I  recently  met  with  officials  from  a  company  in  Cam¬ 
bridge.  Mass.,  that  wants  to  change  that.  SMaL  Camera 
Technologies  (the  S,  M  and  L  are  the  initials  of  the  com¬ 
pany’s  founders)  recently  announced  a  network  camera 
kit  (the  V1200C  Professional  NetCam)  that  lets  OEMs 
create  network  cameras  that  have  intelligence  built  into 
them.  These  “smart  cameras”  will  include  SMaL’s  Auto- 
brite  technology,  which  improves  the  images  from  a  se¬ 
curity  camera  so  that  bright  areas  are  not  saturated  and 
dark  areas  are  not  too  dark.  The  Autobrite  technology 
ilso  is  available  from  SMaL  for  analog  cameras, company 
officials  say. 

!  laving  a  better  picture  lets  companies  get  more  from 
ten  security  cameras.  When  you  add  motion-sensing  or 
•  ial-recognition  applications,  having  a  picture  that 
i  . '  washed  out  by  light  means  those  applications  work 

even  better. 

i  idition  to  the  Autobrite  technology, SMaL  is  offering 


Coming  soon  to  network  cameras 


network  camera  manufacturers  image-recognition  algo¬ 
rithms  that  let  security  applications  (including  facial 
recognition  or  motion  sensing)  integrate  with  a  network 
camera. The  idea,  SMaL  officials  say  is  to  let  the  network 
camera  do  more  of  the  work  on  the  processing  side,  so 
that  network  bandwidth  is  not  overutilized.  In  many  net¬ 
work-based  cameras,  a  lot  of  the  pro¬ 
cessing  is  handled  by  an  application  on 
the  computer,  which  means  more  net¬ 
work  traffic  between  the  computer  and 
the  camera.  SMaL’s  technology  allows 


SMaL's  Autobrite  technology  can  provide 
better  images  (top)  than  those  from  regu¬ 
lar  network  cameras  (left). 


SMaL  CAMERA  TECHNOLOGIES 


this  processing  to  be  handled  by  the  camera  (with  inte¬ 
gration  from  the  application). 

The  SMaL  technology  also  provides  a  built-in  server  for 
User  Datagram  Protocol  (UDP),  HTTP  and  TCP/IP  sup¬ 
port,  and  can  provide  JPEG  compression  for  images  at 
rates  up  to  30  frame/sec  with  VGA  resolution. 

This  marks  SMaLs  entry  into  its  second  market.  Last  year 
the  company  introduced  the  Ultra-Pocket  VGA  Digital 


Camera,  which  several  companies  have  branded  under 
their  own  names  (including  Oregon  Scientific,  Fuji  and 
Logitech).  These  Ultra-Pocket  digital  cameras  have  the 
distinction  of  being  the  thinnest  digital  cameras  avail¬ 
able,  and  provide  VGA-resolution  images.  SMaL  says  it’s 
working  on  a  1. 3-megapixel  version  of  the  Ultra-Fbcket  for 

distribution  to  net¬ 
work  camera  man¬ 
ufacturers  later  this 
year.  SMaL  also  is 
working  with  auto¬ 
motive  manufactur¬ 
ers  to  develop  video 
technology  in  driver- 
assistance  applica¬ 
tions  —  imagine  a 
car  with  a  video 
camera  on  the  rear 
bumper  that  shows 
what  is  directly  be¬ 
hind  the  driver  (via 
pop-up  screen  on  or 
near  the  dash¬ 
board),  and  you’ll 
get  a  feeling  for  what  SMaL  is  working  on.  Another  idea  is 
to  have  cars  that  can  sense  whether  a  driver  is  drifting  off 
the  highway  and  then  be  able  to  shake  the  driver’s  seat  as 
an  alert.  SMaL  is  working  on  the  video  camera  technol¬ 
ogy  for  the  application. 

It  only  takes  a  small  leap  to  assume  that,  via  driver-assis¬ 
tance  technology,  we  could  be  on  the  way  to  fully  auto¬ 
matic  cars  and  then,  of  course,  toward  flying  cars. 

Shaw  can  be  reached  at  kshaw@nww.com. 


hp  ProLiant  ML310 

•Tower  Model 

•Intel®  Pentium®  4  processor  2.53  GHz  - 
(2.80  GHz  available) 

•256MB  Total  PC2100  Registered  ECC  DDR  SDRAM  Memory 
•Integrated  Dual  Channel  Ultra  ATA-100  IDE  Adapter  with 
Integrated  ATA  RAID  0,1,  &  1  +0 
•40GB  ATA  7200  rpm  Drive  1"* 

•NC7760  Gigabit  Network  Controller  (embedded) 

•ProLiant  Essentials  Foundation  Pack 
(including  SmartStart™  &  Insight  Manager™) 

•1-Year  Worldwide  Pre-Failure  Warranty  (processors,  memory  & 
hard  drives),  next-business-day  parts,  labor  &  on-site  delivery* 


$1,048 


Lease  for  under  $44  a  month  for  24  months’ 


hp  tc2120 

•Tower  Model 

•Intel®  Celeron®  1.80  GHz  processor 
•128MB  PC2100  Registered  ECC  DDR  Memory, 
upgradeable  to  4GB 

•Integrated  Dual  Channel  Ultra  ATA-100  IDE  Adapter 
•40GB  Ultra-ATA  7200  rpm  Hard  Drive* 

•NC7760  Gigabit  Network  Controller  (embedded) 
•1-Year  Limited  Warranty* 


$549 


Lease  for  under  $23  a  month  for  24  months’ 


hp  ProLiant  DL380  G3 

•Rack  Model 


HP  servers  are  as  reliable  as  they  are  affordable, 
so  it  costs  less  to  maximize  your  servers  uptime. 

In  fact,  our  Intel '  processor-powered  HP  servers  are 
the  best-designed  servers  built  on  the  most  reliable 
platform  available.  They're  custom  configured  to  meet 
your  company's  nonstop  demands  and  they're 
easier  to  install  than  ever  before.  And  every  HP 
server  can  be  managed  today  as  easily  as  they  are 
adaptive  and  expandable  for  tomorrow.  Plus  they're 
all  backed  with  an  impressive  warranty  and  our 
experienced  service  and  support  team.  So  your 
business  heads  in  the  only  direction  it  should— up. 
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hp  ProLiant  ML350  G3 

•Tower  Model 

•Intel®  Xeon™  processor  2.40  GHz 
•256MB  Total  PC2100  Registered  ECC  DDR 
SDRAM  Memory  (1  x  256) 

•Integrated  Dual  Wide  Ultra3  SCSI  Adapter 
•6x1"  Hot  Pluggable  Hard  Drive  Bays 
•36.4GB  U320  Universal  Hard  Drive  (1") 

1 0,000  rpm* 

•NC7760  Gigabit  Network  Controller  (embedded) 
•ProLiant  Essentials  Foundation  Pack  (including 
SmartStart™  &  Insight  Manager™) 

•3-Year  Worldwide  Pre-Failure  Warranty  (processors, 
memory  &  hard  drives),  next-business-day  parts, 
labor  &  on-site  delivery* 

$1,938 

Lease  for  under  $81  a  month  for  24  months’ 


•Intel®  Xeon™  processor  2.40  GHz 
•5 1 2MB  Total  PC2 1 00  Registered  ECC  DDR 
SDRAM  Memory  (2  x  256) 

•Integrated  Smart  Array  5i  Plus  Controller 
•Hot  Plug  Drive  Cage-Ultra3 
(5  x  1"  and  1  x  1.6") 

•36.4GB  U320  Universal  Hard  Drive  (1") 

10,000  rpm* 

•Two  NC7781  PCI-X  Gigabit  NICs  (embedded) 

PCI  10/100  WOL 

•Sliding  Rails  and  Cable  Management  Arm 
•ProLiant  Essentials  Foundation  Pack  (including 
SmartStart™  &  Insight  Manager™) 

•3-Year  Worldwide  Pre-Failure  Warranty 
(processors,  memory  &  hard  drives), 
next-business-day  parts,  labor  &  on-site  delivery* 

$3,662 

Lease  for  under  $153  a  month  for  24  months 


0%  FOR  24  MONTHS. 

For  a  limited  time,  get  0%  lease  rate  on  qualifying  purchases  made  before  April  30, 2003.' 


Toll  Free  1-866-625-0785 
www.hp.com/go/magazine5 
Or  call  your  local  reseller. 
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Top  security 
vendors  called 
to  NYC  debate 

ou  don’t  have  to  press  readers  very  hard  to  learn 
that  security  is  their  top  concern.The  threats  to  infor¬ 
mation  assets  keep  morphing,  new  technologies 
keep  popping  up,  and  the  expectations  for  securing  the 
network  keep  ratcheting  up  among  customers,  employees, 
business  partners  and  investors. 

To  help  you  get  a  better  handle  on  the  issues  shaping 
security  I’m  staging  the  Network  World  Security  Showdown 
at  CeBIT  America,  which  will  be  held  June  18  to  20  in  New 
York.  (For  more  on  the  inaugural  U.S.  version  of  this  vener¬ 
able  European  event, go  to  www.cebit-america.com). The 
Security  Showdown  will  be  a  head-to-head  debate  among 
leading  security  vendors.  No  PowerPoint  presentations,  no 


Unwilling  customers 

In  the  Q&A  “Customer  service  VP  at  WorldCom  sees 
brighter  days  ahead”  (www.nwfusion.com,  Doc- 
Finder:  5122),  no  questions  were  asked  about  the 
large  customer  base  consisting  of  those  receiving 
collect  calls  from  prisons.These “customers,” some  of 
whom  pay  charges  of  hundreds  of  dollars  each 
month,  do  not  have  access  to  account  managers 
through  the  Internet  and  possibly  are  not  even 
assigned  to  such.  Recently  MCI  began  requiring 
these  customers  (who  are  forced  to  be  MCI  cus¬ 
tomers  if  the  prison  system  from  which  they  receive 
calls  has  chosen  MCI  as  its  carrier)  to  prepay  their 
accounts.  It  seems  outrageous  that  a  company  that  is 
unable  to  pay  its  debts  should  force  its  customers  to 
extend  credit  to  it.  Customer  service,  indeed. 

Janet  Law 
Hilton  Head.S.C. 


framework.  But  it  is  good  enough  that  I  only  have  to 
stay  current  on  the  applications  that  are  the  primary 
focus  of  my  work,  not  every  IP-enabled  app  on  every 
system  1  run. 

I  don’t  have  direct  experience  with  the  security 
update  systems  the  commercial  packagers  of  Linux 
provide.  I  expect  the  ones  available  to  nonpaying 
users  are  not  as  good  as  Debian’s,  but  that  paying 
customers  probably  get  support  as  good  as  or  bet¬ 
ter  than  what  Debian  users  get  for  free. 

Debian  isn’t  perfect;  what  is?  Whatever  you  think 
about  the  Microsoft  Slammer  virus  debacle,  it  indi¬ 
cates  that  security  upgrading  of  commercial  soft¬ 
ware  isn’t  perfect, so  there  is  no  basis  for  comparing 
open  source  to  a  fanciful  “gold  standard.” 

Ray  Olszewski 
Senior  software  engineer 
Echogent  Systems 
Palo  Alto 


prepared  speeches. 

This  will  be  my  second  Security  Showdown. Two  years 
ago,  I  convened  the  leading  software  vendors  for  what 
proved  to  be  an  intense  discussion  on  the  strengths  and 
weaknesses  of  their  products.This  time,  I’m  challenging 
key  players  in  the  hardware  market  to  answer  unscripted 
questions  about  their  corporate  strategies  and  offerings. 

Hardware  is  a  fast-growing  segment  of  the  market. 
Appliance  vendors  are  incorporating  more  functionality 
helping  reduce  purchase  and  deployment  complexity,  par¬ 
ticularly  for  remote  offices.  Box  makers  have  tackled  VPN, 
firewall,  intrusion  detection  and  prevention,  and  more. 
Also,  there’s  tremendous  change  afoot,  with  mergers,  part¬ 
nerships  and  innovative  products  reshaping  the  industry 

So  I’m  challenging  Cisco,  Nokia,  Symantec  and  Network 
Associates  to  send  their  top  technical  executives  to  the 
Network  World  Security  Showdown  on  June  18  at  the 
Jacob  KJavits  Center. 

Cisco  and  Nokia  are  leaders  in  the  firewall/VPN  and 


Open  source  fans 

In  his  Backspin  column  “Tightening  the  bolts  on 
open  source”  (DocFinder:5123),Mark  Gibbs  gets  the 
basics  right  but  misses  one  important  component 
on  the  open  source  side:  the  role  of  “distribution” 
packagers.  In  the  context  of  Linux  or  GNU  —  not  the 
only  setting  for  open  source,  but  certainly  a  major 
one  —  commercial  vendors  (Red  Hat,  SuSE  and  so 
forth)  and  noncommercial  packagers  (Debian) 
have  systems  for  providing  security  updates. 

I  use  Debian  and  get  regular  announcements  of 
security  problems  and  fixes  from  the  Debian  secur¬ 
ity  mailing  list.  Usually  the  fix  requires  me  to  do  no 
more  than  update  my  package  list  (a  one-line  com¬ 
mand),  followed  by  an  upgrade  of  the  revised  pack¬ 
age  (another  one-line  command). 

I  stay  on  top  of  a  few  applications  outside  this 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  Editor  In 
Chief,  Network  World,  118  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


In  “Tightening  the  bolts  on  open  source,”  Mark  Gibbs 
expresses  concern  about  lack  of  support.  In  my 
experience,  it  has  been  quite  the  opposite. 

Several  months  ago,  I  was  working  on  a  project  to 
replace  my  company’s  aging  Netscape  Messenger 
Server  with  an  open  source  product.  In  the  midst  of 
configuring  the  software,  I  ran  into  a  bug.  I  posted  a 
message  to  a  listserver  for  the  software.  Within  an 
hour,  the  author  of  the  program  responded  and  con¬ 
firmed  that  it  was  a  bug  he  had  not  seen.Within  four 
hours,  he  e-mailed  a  patch  to  me. 

That  is  the  kind  of  support  you  get  with  open 
source.The  people  who  write  open  source  software 
do  so  because  they  have  a  need  for  an  application, 
not  because  they  need  a  new  product  to  bring  in 
more  revenue.They  take  great  pride  in  the  quality  of 
the  software  they’ve  developed  and  love  to  see  other 
people  using  it. 

David  Harfst 
St.  Louis 


intrusion-detection  markets.  Network  Associates  and 
Symantec  are  not  only  top  brand  names  in  security  but 
also  are  making  bold  moves  in  the  hardware  market.  Each 
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has  enhanced  its  hardware  strategy  with  recent  acquisi¬ 
tions.  Network  Associates  snagged  newbie  IntruVert  Net¬ 
works  for  $100  million,  while  Symantec  snagged  Recourse 
Technologies  for  $135  million.  Symantec  also  is  expected 
to  announce  today  a  partnership  with  Sun  to  offer  intru¬ 
sion  detection  based  on  Sun’s  hardware. 

I’m  willing  to  add  another  vendor  —  perhaps  one  of  the 
newer  all-in-one-box  security  providers  or  another  top 
hardware  maker  —  based  on  your  thoughts.  Let  me  know 
who  you  want  and  what  you  want  Network  World  Senior 
Editor  Ellen  Messmer  and  me  to  ask  these  vendors. 

For  now,  Cisco,  Nokia,  Symantec  and  Network  Associates 
—  are  you  in? 


—  John  Gallant 
President  and  Editorial  Director 
jgallant@nww.  com 
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Joel  Snyder 

Every  day,  we  hear  about  security  prob¬ 
lems  lurking  on  our  networks  and  are 
urged  to  fix  them  immediately  When  we 
deal  with  that  information,  we’re  performing 
risk  analysis.  When  we  run  out  and  install  every  security  patch  we  read 
about,  we’re  performing  poor  risk  analysis. 

One  factor  that  contributes  to  poor  risk  analysis  is  having  too  much 
awareness  of  a  problem.  Get  hypersensitized  to  an  issue, such  as  securi¬ 
ty  threats,  and  you’re  bound  to  react  in  a  way  disproportionate  and 
uncalled  for  by  the  facts.  We’re  not  just  inundated  with  security  infor¬ 
mation;  we’re  overwhelmed  by  it. This  sets  us  up  to  make  poor  decisions. 

The  reality  of  todays  software  development  life  cycle  is  that  full-pro¬ 
duction  releases  don’t  come  out  bug-free.  And  quickly  made,  poorly 
tested  security  patches  are  just  as  likely  to  have  bugs.  Microsoft, because 
it  releases  so  many  patches,  has  hit  the  news  with  reports  of  updates 
that  made  things  worse,  but  it  is  not  alone.  A  few  weeks  ago,  Apple 
introduced  10.2.4,  a  bug-and-security  patch  to  its  OS  X  operating  sys¬ 
tem.  People  who  installed  it  suddenly  discovered  problems  with  their 
power  management  and  PPP  stacks.  Anyone  can  make  these  errors. 

The  complexity  of  systems,  the  difficulty  of  doing  good  quality  assur¬ 
ance  and  the  rush  to  push  products  out  as  quickly  as  possible  have  put 
us  all  on  an  upgrade-and-patch  treadmill.  But  experienced  network 
managers  know  that  patching  a  working  system  is  often  worse  than 
leaving  it  alone. 

Why  then,  do  we  throw  normal  caution  and  good  business  sense  out 


Risk  analysis  needs  a  reality  check 


the  window  when  it  comes  to  security  patches?  Our  normal  strategies 
of  testing,  containment  and  problem  avoidance  disappear  and  are 
replaced  by  prevention  and  anticipatory  self-defense.  A  company  I 
work  with  rushed  last  week  to  react  to  the  most  recent  sendmail  secu¬ 
rity  patch  and  ended  up  trashing  its  e-mail  system  —  this  for  a  bug  that 
had, as  its  worse  effect,  the  potential  to  crash  the  mail-handling  process 
and  require  a  restart. 

All  security  all  encryption,  all  authentication,  is  based  on  probabili¬ 
ties,  and  one  factor  contributing  to  poor  risk  analysis  is  failing  to  pay 
attention  to  the  probability  of  a  risk  actually  becoming  a  problem.  A 
recent  paper  from  security  researchers  at  Stanford  showed  how  it  is 
possible  in  some  implementations  of  OpenSSL  to  recover  the  private 
key  from  the  outside.  It’s  innovative  and  interesting  research,  and  it  will 
help  to  make  cryptographic  software  better.  But  it  also  requires  a  sys¬ 
tem  with  a  gigahertz-precision  clock  to  be  sitting  less  than  a  millisec¬ 
ond  away  from  the  server  being  attacked. The  attack  is  impractical  and 
impossible  over  the  Internet.  But  this  didn’t  keep  system  managers  ail 
over  the  Internet  from  updating  their  OpenSSL  code. 

I’m  not  saying  that  patching  systems  is  a  bad  idea.  But  network 
managers  need  to  step  back  a  second  and  do  a  real  risk  analysis  on 
these  perceived  threats.  Is  the  cure  worse  than  the  disease? 


Experienced  net¬ 
work  managers 
know  that  patch¬ 
ing  a  working 
system  is  often 
worse  than  leav¬ 
ing  it  alone. 


Snyder,  a  Network  World  Test  Alliance  partner,  is  a  senior  partner  at 
Opus  One  in  Tucson,  Ariz.  He  can  be  reached  at  Joel.Snyder@ 
opusl.com. 


ABOVE  THE  CLOUD 

James  Kobielus 
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I  -mail  is  rarely  secure,  but  users  rarely 
care.  E-mail  is  secure  enough  for  most 
I  users  under  most  circumstances,  even 
those  involving  transmission  of  sensitive  content.  People  leave  most 
messages  unencrypted  and  unsigned  because  they  believe  the  risks  of 
eavesdropping  and  tampering  are  minimal  —  until  someone  proves 
otherwise.  Customers  have  voted  with  their  dollars  in  favor  of  e-mail 
products  and  hosted  services  that  skimp  on  end-to-end  security 
Even  in  this  post-Sept.  1 1  environment  of  heightened  alert,  the  secure 
messaging  market  has  not  been  a  runaway  success,  although  it’s  by  no 
means  on  the  decline.  Vendors  continue  to  provide  innovative  secure 
messaging  products  and  attract  customers  in  high-sensitivity  vertical 
markets,  such  as  government,  finance,  healthcare  and  legal. 

We  won’t  see  a  universal  end-to-end  security  protocol  for  e-mail  any 
time  soon.  None  of  the  contenders  for  that  distinction  have  broken  out 
of  their  narrow  market  niches,  and  none  of  the  underlying  conditions 
that  have  kept  them  in  these  niches  have  changed  substantially  Public 
key  infrastructure  (PKI)  products  continue  to  be  complicated  to  imple¬ 
ment,  administer  and  integrate  with  messaging  systems,  especially  at 
the  client  side.  Alternatives  to  PKI  have  achieved  some  success,  but  suf¬ 
fer  from  a  lack  of  open,  nonproprietary  standards. 

However,  the  situation  for  secure  e-mail  usage  isn’t  as  bleak  as  it 
would  appear.  The  market  for  secure  Webmail  services  continues  to 
expand,  based  on  the  server-side  Secure  Sockets  Layer  (SSL)  feature 
built  into  all  Web  sites  and  browsers. Server-side  SSL  might  be  regarded 
as  the  principal  secure  e-mail  protocol  in  use  worldwide.  It  is  the  basis 
for  stand-alone  Webmail  environments,  as  well  as  for  messaging  prod¬ 
ucts  and  hosted  services.  It  is  the  security  protocol  for  browser  access 
to  corporate  email  systems  such  as  Microsoft  Exchange  and  Lotus 
Domino.  And  it  is  an  alternate  delivery  mechanism  for  Secure 
Multipurpose  Internet  Messaging  Extensions  gateways  to  push  content 
securely  to  non-S/MIME-enabled  recipients. 

Server-side  SSL  is  the  predominant  security  protocol  used  in  many 
other  niches  of  the  collaboration  market. SSL  over  HTTP  is  the  prima¬ 
ry  front-channel  client/server  security  protocol  used  in  secure  instant 


Server-side  SSL  boosts  security 


messaging,  mobile  e-mail  access,  Internet-facing  collaboration  envi¬ 
ronments,  Weblogs,  Web  conferencing  and  secure  file  transfer.  (Its  sis¬ 
ter  protocol,  server-side  Wireless  Transport  Layer  Security  also  is 
broadly  used  in  mobile  messaging.) 

In  the  back  channel  between  infrastructure  components,  SSL  over 
SMTP  is  widely  used  to  encrypt  sessions  between  message  routers, 
relays,  gateways  and  content  filters.  SSL  is  being  used  increasingly  as 
a  VPN  protocol,  an  alternative  to  IP  Security  Point-to-Point  Tunneling 
Protocol  and  other  standards. 

One  big  advantage  of  server-side  SSL  is  reliance  on  a  simple  but  ubiq¬ 
uitous  PKI-based  trust  infrastructure.  Under  server-side  SSL,  the  server, 
but  not  clients,  is  provisioned  with  X.509  certificates.  Clients  trust  the 
root  certificate  authority  that  issued  the  certificate,  usually  a  public  cer¬ 
tificate  authority  such  as  VeriSign.  Clients  then  authenticate  the  server 
cryptographically  and  authenticate  themselves  to  the  server  using  ID 
and  password.  The  SSL-enabled  server  then  sets  up  secure,  encrypted 
sessions  with  clients  on  the  fly 

But  server-side  SSL  doesn’t  provide  an  end-to-end  secure  messaging 
protocol, so  it  can’t  compete  directly  with  S/MIME,  Pretty  Good  Privacy 
and  secret-key-based  approaches.  One  of  its  limitations  is  that  it 
encrypts  only  on  a  particular  channel  usually  client-to-server  or  server- 
to-server.  Another  limitation  is  that  it  doesn’t  support  signing  of  individ¬ 
ual  messages  within  an  encrypted  session.  S/MIME,  by  contrast,  sup¬ 
ports  end-to-end  per-message  encryption  and  signing. 

But  it’s  not  clear  that  many  users  need  these  end-to-end  security  fea¬ 
tures.  Server-side  SSL  isn’t  the  ultimate  solution  for  all  secure  messaging 
needs,  but  it  addresses  users’  most  pressing  concerns  with  insecure 
transmission  channels.  It  is  a  universal,  flexible  standard  for  securing 
network  services  at  the  application  level,  and  its  role  in  secure  collab¬ 
oration  environments  will  continue  to  grow. 


Customers  have 
voted  with  their 
dollars  in  favor 
of  e-mail  prod¬ 
ucts  and  hosted 
services  that 
skimp  on  end-to- 
end  security. 


Kobielus  is  a  senior  analyst  with  Burton  Group,  an  IT  advisory  service 
that  provides  in-depth  technology  analysis  for  network  planners.  He  can 
be  reached  at  (703)  924-6224  or  jkobielus@burtongroup.com.  The  opin¬ 
ions  expressed  are  his  own. 
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Complimentary  Event  for  Qualified  Attendees! 


Viruses.  Hackers.  Disgruntled  employees.  Your  corporate  network  faces 
endless  security  threats.  And  as  more  laptops,  PDAs  and  mobile  devices 
access  networks,  your  exposure  only  increases.  In  a  recent  Computer 
Security  Institute  survey  more  than  90%  of  respondents  reported  a 
security  breach  within  the  past  18  months.  And  80%  of  those  suffered  a  financial 
loss.  So  it's  not  enough  for  an  IT  manager  to  simply  secure  the  perimeter.  Your 
strategies  must  reach  deeper  into  the  network  as  well  as  out  to  the  devices  that 
access  your  system.  Do  you  have  the  answers  you  need  at  every  point.. .port-level 
firewalls,  intrusion  detection  and  prevention,  802. lx  wireless  protection?  Do  you 
know  the  right  questions  to  ask?  And  are  you  getting  real  solutions  that  help  you 
defend  and  win  enterprise-wide?  Join  us  for  Network  World's  Security  Technology 
Tour:  "Protecting  the  Enterprise  and  its  Assets."  Let  security  expert  Joel  Snyder 
and  other  top  security  companies  show  you  how  to  choose  and  implement  the 
most  effective  and  efficient  tools  for  your  network.  This  one-day  seminar  is  free 
to  qualified  professionals,  but  space  is  limited.  Register  now  to  be  safely  included! 


Learn  the  Latest  about  Security 


■  Conduct  vulnerability  assessments 

*  Embed  security  in  handhelds,  laptops 
and  other  mobile  devices 

■  Deploy  intrusion  detection  and  tools 

■  Select  the  right  VPN  for  your 
prevention  environment 

■  Ensure  end-to-end  security  for 
broadband  and  wireless  users 

■  Develop  and  testing  on-site  and  off-site 
disaster  recovery/backup  plans 

■  Improve  network  protection  with 
common  tools  such  as  firewalls  and 
virus  scanners 


PRE  REGISTRATION  FOR  THIS  COMPLIMENTARY  EVENT  IS  REQUIRED.  RESERVE  YOUR  SEAT  NOW! 

Online  at  www.nwfusion.com/events/security2/register.jsp 
or  call  1-800-643-4668 
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This  eot  is  limited  to  Network  and  IT  professionals  involved  in  the  evaluation  and  purchase  of  Security  products  and  services.  Network  World  reserves  the  right  to  determine  the  audience 

profile  of  attendees  participating  on  a  complimentary  basis.  Paid  registration  is  also  available. 
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A  good  intrusion-detection  system  is  one  way  to 
fight  off  hackers.Studying  news  of  security 
threats  and  installing  the  latest  patches  is 
another  excellent  idea.  Hacking  your  own  Web 
site  to  verify  that  it’s  secure  is  yet  another. 

If  you  hack  your  own  network,  make  sure  to  give  your¬ 
self  a  safe  environment.  Making  back-up  copies  of  server 
files  and  configuration  data  can  be  a  lifesaver  when 
your  hacking  attempts  succeed  beyond  your  wildest 
expectations.  And  make  sure  the  appropriate  people 
know  what  you’re  doing  beforehand.  In  your  status  re¬ 
ports  and  memos,  however,  don’t  refer  to  your  activities 
as  hacking.  Use  the  term  “auditing” —  it  sounds  better. 
Nonetheless,  ethical  hacking  is  what  you’ll  be  doing. 

During  a  recent  project  to  improve  security  at  a 
Microsoft  Internet  Information  Server  (IIS)  5.0-based 
Web  site,  we  used  five  hacking  tools: 

•  ©stake’s  NetCat  1.1;  a  script-driven  utility  that  con¬ 
nects  to  Web  sites,  sends  HTML  requests  and  shows  the 
Web  sites’  responses. 

•  Rain  Forest  Puppy’s  Whisker  2.1  for  Unix  and 
Whisker  1.4  for  Windows;  Web  site  checking  tools  that 
obtain  Web  site  contents,  run  programs  on  the  Web 
server  and  crack  Web  site  passwords. 

•  HooBie’s  Brutus  AET2  and  EliteSys’  Entry  2.7; 
superlative,  fast  password  crackers. 

•  Tennyson  Maxwell  Information  Systems’  Teleport 


Pro  1 .29;  a  Web  spider  that  discovers  and  copies  Web 
server  files. 

Our  self-hacking  game  plan  was  to  gain  access  to  the 
Web  site  by  bombarding  it  with  badly  formed  URLs,  cut 
through  authentication  barricades  by  guessing  pass¬ 
words  and  copy  Web  site  files  once  we’d  cracked  the 
site’s  security. The  five  tools  helped  by  revealing  operat¬ 
ing  system  and  other  files  on  the  Web  server,  defeating 
password  protections  and  even  obtaining  (simulated) 
credit  card  files. 

Some  really  bad  characters 

Our  research,  in  combination  with  NetCat’s  documen¬ 
tation,  suggested  that  we  could  break  in  by  using  the 
UniCode  IIS  bug.This  Microsoft  IIS  vulnerability  was  dis¬ 
covered  in  October  2000,  but  many  sites  have  yet  to 
apply  the  security  patches  that  fix  it. 

It  works  this  way:  A  hacker  tries  to  access  the  network 
via  a  particular  type  of  badly  formed  URL,  which  can 
cause  the  Web  server  to  give  the  hacker  access  to  direc¬ 
tories  containing  files  and  executables. The  hacker  can 
then  copy  the  files  or  download  the  executable  and 
launch  it  remotely 

Our  first  goal  was  to  gain  some  basic  information 
about  the  Web  site.  In  a  typical  Web  server  interaction,  a 
client’s  browser  sends  a  “GET/Default.htm  ’  request  to  the 
Web  server,  along  with  some  browser  identification  data 


Ethical  hacking  of  your  own  Web  site  can  reveal 
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These  log  files  show  how  a  hacker  could  try  to  gain  access  to  a  network  by  using  badly  formed 
URLs  to  confuse  the  Web  server.  In  these  logs,  all  GET  requests  went  through  Port  80. 

c-  'tpfa  proh&s.  The  second  one  succeeds,  running  CMD.EXE  to  obtain  a  list  of  directories  on  the  Web  server. 


1  Time 

Ciient-IP  address 

Server-IP  address 

Document  requested 

Query  string 

Status 

15:06:00 

217.230.56.210 

192.100.10.84 

/winnt/system32/cmd.exe 

/c+dir+c:\ 

404:  Not  found 

15:06:00 

217.230.56.210 

192.100.10.84 

/scripts/.%2e/.%2e/winnt/system32/cmd.exe 

/c+dir+c:\ 

200:  Success 

15:06:01 

217.230.56.210 

192.100.10.84 

/scripts/. %2e/.%2e/winnt/system32/cmd.exe 

/c+dir+c:\ 

502:  Service  temporarily  overloaded 

More  complex  probes.  Note  the  use  of  %5c  as  a  special  character  in  the  fifth  and  sixth  events.  The  sixth  one  succeeds. 


1  Time 

Ciient-IP  address 

Server-IP  address 

Document  requested 

Query  string 

Status 

10:59:51 

64.105.84.207 

192.100.10.84 

/scripts/root.exe 

/  c+dir 

404:  Not  found 

10:59:54 

64.105.84.207 

192.100.10.84 

/MSADC/root.exe 

/  c+dir 

403:  Forbidden 

10:59:57 

64.105.84.207 

192.100.10.84 

/c/winnt/system32/cmd.exe 

/  c+dir 

404:  Not  found 

11:00:09 

64.105.84.207 

192.100.10.84 

/d/winnt/system32/cmd.exe 

/  c+dir 

404:  Not  found 

11:00:12 

64.105.84.207 

192.100.10.84 

/scripts/.  .%5c../winnt/system32/cmd.exe 

/c+dir 

500:  Internal  error 

11:00:14 

64.105.84.207 

192.100.10.84 

/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 

/  c+dir 

200:  Success 

Probe  events  after  the  installation  of  Microsoft's  Uriscan  security  tool. 


1  Time 

Client-IP  address 

Server-IP  address 

Document  requested 

Query  string 

Status 

12:33:20 

64.105.128.173 

192.100.10.84 

/<Rejected-By-UrlScan> 

-/scripts/root.exe 

403 

12:33:20 

64.105.128.173 

192.100.10.84 

/<Rejected-By-UrlScan> 

~/MSAD/root.exe 

403 

12:33:20 

64.105.128.173 

192.100.10.84 

/<Rejected-By-UrlScan> 

~/c/winnt/system32/cmd.exe 

403 

12:33:21 

64.105.128.173 

192.100.10.84 

/<Rejected-By-UrlScan> 

~/d/winnt/system32/cmd.exe 

403 

12:33:21 

64.105.128.173 

192.100.10.84 

/<Rejected-By-UrlScan> 

-/scripts/.  ,%255c../winnt/system32/c 

403 

12:33:21 

64.105.128.173 

192.100.10.84 

/<Rejected-By-UrlScan> 

~/vti bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe 

403 

12:33:22 

64.105.128.173 

192.100.10.84 

/<Rejected-By-UrlScan> 

~/_mem_bin/..$255c../..%255c../..%255c../winnt/system32/cmd.exe 

403 

(such  as  Mozilla/4.0+  compatible; +MSIE+5. 5; +Windows 
+NT  +4.0). The  Web  server  responds  with  a  return  code 
of  200,  which  indicates  success,  some  identifying  infor¬ 
mation  of  its  own  and  the  contents  of  the  Default.htm 
Web  page. 

Examining  the  Web  server’s  responses  told  us  volumes 
about  that  specific  Web  server.  We  easily  discovered 
details  that  let  us  access  its  operating  system  files,  data 
files, script  programs  and  databases. 

An  example  of  this  dangerous  type  of  URL  is  192. 100. 

1 6.32/scripts/.. %c0%af../winnt/system32/cmd.exe?/c+dir+ 
d:\.  Unless  patched,  the  Web  site  responds  to  this  URL  with 
a  list  of  directories  and  files  on  the  server’s  D:  drive. 

We  were  able  to  use  special  characters  (illegal  Unicode 
encodings  of  the  “/’’character)  inside  bizarre-looking 
UR1.S  to  gain  access  to  directories  that  we  shouldn’t  have 
had  access  to, such  as  the  directory\WINNT\System32. 
Inside  that  directory,  we  found  the  server’s  command  shell 
CMD.EXE  program. 

In  separate  tests,  we  experimented  with  Unix  and 
Linux  machines  running  Apache  Web  server  software. 

We  found  that  Unix  and  Linux  files  also  are  at  risk.  For 
example,  a  server  might  have  a  Perl  CGI  script  index  pro¬ 
gram  as  part  of  the  site’s  search  feature.  Sending  a 
www.site.com/index.cgi?page=index.cgi  GET  request  to 
the  server  revealed  the  source  code  for  the  index.cgi 
program.  We  could  glean  quite  a  bit  of  information 
about  a  site  by  examining  the  Perl  script  that  imple¬ 
ments  its  search  feature. 

Stealing  credit  card  numbers 

We  used  the  UniCode  IIS  bug  and  other  Windows  idio¬ 
syncrasies  to  learn  which  files  were  on  the  server,  to  look 


at  the  contents  of  those  files  and  to  copy  the  files.  Next, 
we  established  passwords  to  deter  unauthorized  server 
access.  And  we  quickly  learned  that  lackadaisically 
administered  passwords  are  no  obstacle  to  hackers. 

Whisker,  Brutus  and  Entry  made  short  work  of  guess¬ 
ing  simple  name-  or  birthday-related  passwords  we  ini¬ 
tially  created. These  tools  also  could  guess  correct 
passwords  based  on  permutations  of  the  simple  pass¬ 
words  we  started  with. 

Once  we  guessed  a  password  for  the  Windows  ma¬ 
chine,  we  sidestepped  the  IIS,  Apache  or  Netscape  soft¬ 
ware.  Because  file  and  print  sharing  were  active  by  de¬ 
fault  on  the  Windows  Web  server,  we  merely  needed  to 
issue  the  following  simple  command  via  CMD.EXE  to 
access  files:  NET  USE  F:  \\ServerName\ShareName 
password. 

Even  after  we  disabled  file  and  print  sharing,  we  still 
could  use  Teleport  Pro  to  copy  server  files  nearly  effort¬ 
lessly  to  another  machine.  We  only  needed  to  know  the 
password  of  a  logon  account  with  sufficient  permissions 
to  access  the  files.  Guessing  the  password  wasn’t  terribly 
difficult  when  we  used  a  software  tool  that  generates 
permutations  of  entries  in  word  lists.The  tools  are  blaz- 
ingly  fast,  too.  Depending  on  factors  such  as  bandwidth, 
latency  and  CPU  speed,  a  password-cracking  tool  can 
issue  up  to  30,000  password  attempts  per  minute. 

A  good  password-cracking  tool  is  fast  and  flexible.  For 
example,  before  we  ran  Brutus  to  generate  permutations 
of  candidate  passwords  we  supplied  in  a  word  list  file,  we 
told  Brutus  the  nature  of  the  passwords  it  should  try.  We 
could  specify  that  trial  passwords  should  be  upper,  lower 
or  mixed  case  letters,  just  numeric  digits,  any  keys 
pressed  or  characters  from  a  custom  set.  We  could  also 


tell  Brutus  the  minimum  and  maximum  number  of  char¬ 
acters  each  trial  password  should  contain. 

Before  we  imposed  new, strict  password  guidelines,  we 
found  that  the  password-cracking  tools  quickly  discov¬ 
ered  many  of  the  Web  server’s  existing  passwords.  In  one 
of  our  hacking  attempts,  the  combination  of  Brutus  and 
Teleport  Pro  easily  and  painlessly  disclosed  the  contents 
of  a  simulated  credit  card  file. The  file  or  database  could 
just  as  well  have  contained  any  other  private,  business- 
sensitive  information  for  us  to  exploit*. 

Setting  up  password  challenges  can  thwart  unautho¬ 
rized  Web  server  access,  but  only  if  you  make  your  pass¬ 
words  unguessable.  We  suggest  you  adopt  a  corporate 
policy  regarding  passwords  that  specifies  each  user’s 
password  must  be  at  least  six  (or  even  eight)  characters, 
contain  both  letters  and  numbers,  change  periodically 
and  not  be  based  on  people’s  names  or  birthdays. 

Conclusion 

In  our  project  to  improve  Web  site  security,  we  found 
that  hackers  can  all  too  easily  use  malformed  URLs  and 
other  tricks  to  gain  access  to  servers  and  files  on  your 
network.To  fend  off  these  digital  breaking  and  entering 
attempts,  we  set  up  some  simple  procedures  at  the  client 
site,  including  staying  abreast  of  security  patches,  faith¬ 
fully  applying  those  patches  and  periodically  checking 
log  files  for  break-in  attempts.  We  also  put  in  place  a  pro¬ 
cedure  for  ethically  hacking  the  site  on  a  regular  basis. 

Nance,  a  software  developer  and  consultant,  is  the 
author  of  Introduction  to  Networking,  4th  Edition  and 
Client/Server  LAN  Programming.  He  can  be  reached  at 
barryn  @erols.  com. 
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WLAN  analyzers 


Tools  to  watch 
your  airwaves 


■  BY  TOM  HENDERSON,  NETWORK  WORLD  GLOBAL  TEST  ALLIANCE 

Like  a  blind  date,  wireless  LANs  can  look  attractive  and  compelling  on  the  sur¬ 
face,  but  looks  can  be  deceiving.  WLANs  might  install  smoothly  with  little 
forethought,  but  in  time,  they  can  represent  huge  problems,  especially  in 
terms  of  asset  exposure  and  costs  of  computing  services. 


i  Information 

SSSID  (46) 

Ad-Hoc (13) 

B  J2  Infrastructure 
|-©  AP  (44) 
-*@STA(30) 

(=)■♦  Expert  Advice 

J . ^  Performance  (3,0.0) 

!  g)  Security  (37, 11,0) 


(Broadcast 


Doing  your  WLAN  homework  mandates  using  tools  that  can  verify 
audit  and  analyze  a  wireless  network.  Even  companies  that  don’t  want 
a  WLAN  need  an  analyzer  because  of  rogue  installations.  Many  WLAN 
equipment  vendors  include  site  survey  tools,  either  with  their 
access  point  or  client  products  —  but  these  are  often  rudimen¬ 
tary  not  standardized  and  not  designed  for  the  multiple  phases  of 
WLAN  analysis. 

WLAN  analyzers  usually  consist  of  the  same  components  used 
in  WLANs:  popular  802.11  network  cards  in  either  a  notebook, 
handheld,  or,  in  one  case,  a  proprietary  portable  form  factor. The 
handheld  analyzers  usually  consist  of  software  on  an  HP  iPAQ 
PDA.  And  because  they  are  mobile,  the  handheld  devices  are 
used  less  for  protocol  analysis  than  for  WLAN-specific  features, 
such  as  surveying  radio  channels  for  signal  strength  and  device 
populations.The  range  of  a  handheld  device  is  similar  to  that  of 
notebook-based  WLAN  analyzers,  except  that  a  handheld  device 
is  much  easier  to  wave  in  the  air  while  looking  for  a  signal. 

We  tested  eight  products  (three  handheld-based  and  five 
notebook-based  analyzers):  AirMagnet’s  PDA  and  notebook 
versions;  Fluke  Networks’  WaveRunner  and  OptiView  wireless; 

Sniffer  Wireless  and  PDA  option;  Network  Instruments  Observer; 
and  Finisar  Surveyor  Wireless. 

The  analyzers  were  tested  on  a  dual  802.1  lb  and  802.1  la  net¬ 
work  (see  How  we  did  it, page  41). During  the  tests, we  found  that 
each  analyzer  has  a  niche  that  its  designers  focused  on.  Only  two 
products  (the  AirMagnet  handheld  and  notebook  version)  had  a 
strong  WLAN  generalist  feel. The  AirMagnet  handheld,  because  of 
its  mobility  wins  our  World  Class  Award  over  very  tight  competition 
from  the  Sniffer  Fbrtable  and  the  AirMagnet  notebook  version. The 
Network  Instruments  Observer  and  Sniffer  portable  proved  to  be 
the  best  graft  of  wireless/radio  analysis  tools  onto  protocol  analyzer  platforms.  Fluke 
Networks’  OptiView  with  wireless  option  and  Finisar  Surveyor  Wireless  also  were 
strong  contenders,  but  each  has  a  superset  of  features  for  WLAN  use  —  and  hefty  price 
tags  to  match.  Features  in  the  other  WLAN  analyzers  might  still  be  attractive  or  even 
invaluable  for  certain  types  of  WLAN  analysis. 

When  they’re  good,  WLAN  analyzers  are  very  good.  When  they’re  bad,  it’s  only  that 
they  lack  some  competitive  features.The  units  we  tested  also  might  be  blindsided  by 
new  802.1  lg  technologies  and  nonstandard  wireless  LAN  data  rates  found  in  “plus,” 
“turbo”  and  other  enhanced  rates  (see  story  page  40). 

AirMagnet  handheld 

AirMagnet  fit  the  bill  for  all  three  stages  of  WLAN  analysis  (see  story,  page  41).  Air¬ 
Magnet  makes  strong  use  of  the  user  interface  on  the  iPAQ.and  delivers  a  lot  of  infor¬ 
mation  on  each  screen. Through  the  use  of  color  choices  and  understandable  icons, 
we  became  rapidly  productive  with  AirMagnet’s  features  and  functions. 

AirMagnet  gets  the  most  out  of  the  iPAQ’s  small  screen.  Icons  that  can  rapidly  change 
context  or  feature  choice  let  us  find  the  test  problems/results  quickly.  AirMagnet  pro¬ 
vides  an  instant  visual  representation  of  what  it  has  discovered,  and  immediately  let 
us  drill  down  to  the  WLAN  objects  in  our  test  domain. 

The  software  has  two  modes:  expert  and  survey  Switching  between  these  modes 
was  initially  confusing,  but  we  adapted  quickly  Survey  mode  audits  what’s  in  the  air, 
and  expert  mode  allows  probing  or  specific  analysis  of  devices  found.  AirMagnet 
shipped  a  Cisco  AiroNet  350  WLAN  adapter  to  be  used  with  its  software  (the  AiroNet 
350  card  was  suggested  by  many  vendors). 

There  are  up  to  14  channels  possible  in  802.1  lb,  although  in  the  U.S.,only  11  are 
used.  An  802.1  lb  analyzer  should  be  able  to  survey  all  of  the  channels  because  users 
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AirMagnet’s  PDA  version  (seen  here 
on  an  iPAQ)  wins  our  World  Class 
Award  for  its  great  WLAN  analysis  and 
mobility. 


have  the  option  of  running  equipment  over  legal  and  illegal  channels. 
The  AirMagnet  scanned  all  14  802.11b  channels,  and  delivered  accu¬ 
rate  signal  and  noise  figures  for  the  802.1  lb  devices  we  tested.  It  also 
detected  background  interference  from  our  microwave  oven 
and  2.4-GHz  cordless  phone. 

The  AirMagnet  had  the  best  sensitivity  of  the  handheld  units 
—  initially  this  presented  a  problem.  It  found  adjacent  WLANs 
blocks  away  from  our  test  site.  We  were  forced  to  verify  these 
WLANs  by  driving  through  the  adjacent  area  to  determine 
whether  the  tester  was  producing  false  positives,  even  though  it 
was  highly  unlikely 

The  AirMagnet  offered  analysis  of  alarm  conditions  (such  as 
an  access  point  advertising  its  SSID  or  an  access  point  with 
Wired  Equivalent  Privacy  disabled).  It  also  gave  us  performance 
data,  such  as  clients  sending  a  high  rate  of  low-speed  packets, 
or  excessive  beaconing,  which  can  indicate  a  radio  problem. 
We  used  the  AirMagnet  to  associate  with  ad  hoc  (clients)  and 
infrastructure  (usually  access  points)  devices,  obtain  Dynamic 
Host  Configuration  Protocol  (DHCP)  addresses,  and  ping  vari¬ 
ous  nodes. 

The  software  let  us  rapidly  build  access  control  lists  to  detect 
media  access  control  (MAC)-layer  addresses  that  were  foreign 
to  the  network,  so  rogue  WLAN  devices  could  easily  be  detect¬ 
ed  and  visually  identified.  We  then  used  the  AirMagnet  to  find 
the  rogue  devices  by  scanning  for  signal  strength  of  the  rogue 
device(s).  Drive-by  logon  attacks  also  were  correctly  noted. We 
had  19  drive-bys  during  our  five  days  of  testing. 

Finally,  the  AirMagnet  also  has  easily  invoked  tools  such  as 
a  ping,  whois  and  DHCP  controls.  By  the  end  of  our  tests,  we 
grabbed  the  AirMagnet  to  verify  the  other  tools  we  were  test¬ 


ing  —  a  big  compliment. 

Sniffer  Wireless  PDA  1.0 

The  Sniffer  PDA  option  focuses  on  network  problem  detection.  Also  based  on  the 
iPAQ  (but  using  the  Symbol  24  series  Wi-Fi  card),  Sniffer  PDA  impressed  us  with  a  fea¬ 
ture  expected  from  a  Sniffer  product  —  packet  decodes  and  expert  analysis. 

A  Channel  Surf  and  Dashboard  are  the  two  front  ends  to  Sniffer  PDA.  Sniffer  surfs 
all  14  802.11b  channels,  and  like  the  AirMagnet,  has  high  radio  sensitivity  Drilling 
down  to  specific  objects  for  examination  and  manipulation  wasn’t  as  easy  as  with 
the  AirMagnet,  although  packet  capture  and  decode  were  stellar. 

We  also  found  what  turns  out  to  be  a  known  issue:  during  medium  to  heavy  loads, 
changing  the  monitored  802.1  lb  channel  to  another  will  cause  the  unit  to  become 
erratic,  then  crash.  When  this  happened,  a  soft  reset  solved  the  issue. 

One  of  Sniffer’s  best  traits  is  its  ability  to  decode  packets,  and  implementing  the 
Expert  mode,  let  a  user  get  a  rapid  idea  of  what  is  going  on  in  the  network.  Sniffer 
PDA  is  no  different  except  that  its  Expert  diagnosis  had  overlooked  two  WLAN  cards 
in  separate  machines  with  the  same  MAC  address  (a  spoof  simulation).  The  Expert 
analysis  otherwise  found  all  of  our  simulated  problems. 

While  the  Sniffer  PDA  was  an  excellent  tool  because  of  its  protocol  analysis,  it  didn’t 
outweigh  the  handiness  of  the  AirMagnet  handheld. 

Fluke  WaveRunner 

The  WaveRunner  also  is  based  on  an  iPaq  using  an  embedded  Linux  platform,  all 
coupled  via  a  proprietary  Fluke  802.11b  card.  It  was  less  sensitive  overall  than  the 
Sniffer  PDA  or  the  AirMagnet  —  which  uses  essentially  the  same  platform. 
WaveRunner  also  couldn’t  scan  above  the  legal  US. 802.1  lb  channels, although  Fluke 
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note  about  speeds 

The  handheld  analyzers  were  limited  in  looking  at  802.11b  because  the  higher 
speeds  of  802.11a  are  simply  too  fast  for  the  PC  Card  data  bus  used  in  the 
most  popular  form  factor —  HP's  iPAQ  3800  Series.  The  current  crop  of 
802.1  la/g  cards  are  based  on  CardBus  —  the  PCI  bus-like  superset  of  the  PC  Card 
specification.  Only  now  are  handhelds  starting  to  emerge  that  can  support  Card- 
Bus  adapters'  data  rates.  CardBus  also  will  be  necessary  for  802.11g's  proposed 
(but  rarely  achieved)  54M  bit/sec  data  rates.  Network  Instruments  recently 
announced  an  update  to  its  Observer  Wireless  notebook-based  product  that  will 
support  802.1  la/b/g  and  no  doubt  require  a  CardBus  interface  (and  likely  will  need 
updates  as  contentions  in  the  final  standard  are  worked  out). 

The  notebook  PC-based  analyzers  are  the  only  platform  for  analysis  of  802.11a  (in 
addition  to  b).  Normally,  a  notebook  uses  only  one  of  the  two  available  wireless  LAN 
connectivity  methods  (a  or  b).  A  WLAN  analyzer  must  flip  between  these  modes  to 
gauge  both  protocols  sequentially,  although  all  but  one  notebook  analyzer  (Air- 
Magnet)  we  tested  could  test  only  one  protocol  at  a  time. 

Notebook-based  analyzer  software  makers  have  often  adapted  their  network 
analysis  offerings  by  adding  WLAN  extensions,  probes  or  other  attachments  — 
thus  turning  them  into  products  thought  to  be  only  for  the  WLAN  analysis  market. 
We  found  mixed  results  in  this  architecture  because  WLAN  analysis  needs  a  strong 
focus  on  the  radio. 

—  Tom  Henderson 


says  it  soon  expects  to  ship  a  WLAN  card 
for  the  WaveRunner  that  covers  all  14  chan¬ 
nels  Unfortunately;  our  experience  with 
'  thcr  Fluke  products  made  us  expect  more 
than  what  we  found  in  the  WaveRunner. 

The  WaveRunner’s  user  interface  was  a 
stumbling  block.  Fewer  options  are  avail¬ 
able  on  each  feature  page  than  are  offered 
with  the  AirMagnet,  which  forced  us  to 
make  frequent  mode  changes  —  this 
made  field  usage  difficult.  Each  new  dis¬ 
play  was  essentially  a  tree  branch  from  the 
primary  modes  of  the  WaveRunner:  Device 
Scan,  Site  Scan,  (Active)  Channels  display 
Traffic  display, Tools  and  Reports.  We  often 
had  to  navigate  to  the  top  of  the  tree  by 
closing  the  page,  making  rapid  context 
switches  daunting. 

There  also  are  fewer  features.  Articulate 
network/WLAN  diagnostics,  such  as  per¬ 
centage  of  packets  at  low  speed,  aren’t 
offered. Post-installation  support  in  terms  of 
rogue  device  identification  and  informa¬ 
tion  management  is  difficult.  All  the 
devices  that  WaveRunner  discovers  are 
classified  as  rogue  until  they  are  reclassi¬ 
fied  to  be  either  known  or  neighbors. 
Deleting  any  device,  once  discovered,  re¬ 
quires  a  lot  of  maneuvering. 

Fluke’s  Web  site  also  was  devoid  of  up¬ 
dates  for  WaveRunner  and  any  other  useful 
information  about  the  WaveRunner’s  sup¬ 
port  issues. We  were  disappointed  with  it. 


AirMagnet  2.5  laptop 

Similar  in  user  interface  and  functionality 
to  the  handheld  version,  the  AirMagnet  lap¬ 
top  version  used  a  NetGear  802. 1  la/b  dual¬ 
mode  WLAN  card  (the  WT501)  to  perform 
a  more  holistic  analysis  of  our  network. 
Adding  802.1  la  features  was  useful, but  the 
user  interface  was  a  bit  tougher  to  manip¬ 
ulate.  It  required  a  lot  of  mouse  movements 
to  achieve  intermodal  task  switches.  The 
features  of  the  user  interfaces  are  similar. 
The  notebook  screen  let  us  get  a  larger  pic¬ 
ture  of  the  test  environment  without 
scrolling. 

The  802.1  la  part  of  the  AirMagnet  laptop 
version  couldn’t  readily  see  our  access 
point  and  client  MAC  address  problem  — 
we  configured  two  access  points  and  two 
clients  with  the  same  MAC  address.  Even¬ 
tually  the  software  figured  it  out,  but  only 
after  several  minutes.  Repeating  the  test  pro¬ 
vided  the  same  results.  AirMagnet  analysis 
also  degraded  or  stopped  altogether  when 
certain  tools  or  drill-down  tests  were  per¬ 
formed.  It  could  see  the  turbo  mode  we 
used  in  one  of  our  802.1  la  access  points. 

Despite  a  slightly  weaker  user  inter¬ 
face,  the  laptop  version  worked  well.  It 
would  be  useful  on  a  Tablet  PC  — 
although  the  NetGear’s  802.1  la/b  card 
we  tested  with  the  laptop  version  tended 
to  drain  a  Tablet  PC’s  notebook  battery 
very  quickly. 


Sniffer  Wireless  (notebook) 

The  Sniffer  Wireless  notebook  version 
has  strong  analysis  capabilities,  but  was 
hobbled  by  the  inability  to  analyze  802. 1  lb 
and  802.11a  concurrently  Instead  of  dual¬ 
mode  card  support,  the  only  802.11a  card 
supported  comes  from  Proxim  —  the 


Harmony  802. 1  la  card.  It’s  possible  to  use 
this  otherwise  stunning  analyzer  for  one  or 
the  other  WLAN  standards,  but  not  both  at 
once.  This  is  a  significant  limitation. 
Another  limitation  is  that  the  newest  oper¬ 
ating  system  supported  was  Windows  2000 
Professional. 


Net  Resu  ts 


4.8  RATING 
AirMagnet  PDA 

Company: 

AirMagnet,  (650) 
694-6754,  www. 
airmagnet.com 
Price:  $2,500. 
Pros:  Sensitive, 
good  user 
interface,  strong 
analysis  of  radio 
functions.  Cons: 
A  few  task¬ 
switching  road 
bumps. 
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I  RATING 

Sniffer  Wireless  PDA 

Company:  Sniffer 
Technologies,  (800) 
764-3337,  www. 
sniffer.com  Price: 
$4,000  for  software. 
Pros:  Very  good 
capture/  decode 
analysis;  full- 
featured  tool  kit. 
Cons:  Weaker  user 
interface  than 
AirMagnet; 
occasional  lock-ups. 


4.6  RATING 
AirMagnet  notebook 

Company: 

AirMagnet,  (650) 
694-6754,  www. 
airmagnet.com 
Price:  $3,000. 
Pros:  Mode- 
switches  802.1  la/b 
automatically;  good 
user  interface. 
Cons:  Limited  a/b 
card  support;  needs 
lots  of  cursor 
movement. 
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I  RATING 

Sniffer  notebook 

Company:  Sniffer 
Technologies,  (800) 
764-3337,  www. 
sniffer.com  Price: 
$10,000.  Pros: 
Excellent  seven- 
layer  analysis; 
legendary  decodes. 
Cons:  Weaker 
WLAN  relationship 
analysis;  can  scan 
for  802.1 1b  or 
802.11a,  but  not 
concurrently. 
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Finisar  Surveyor 
Wireless 

Company:  Finisar, 
(408)  548-1000, 
www.finisar.com 
Price:  $2,500. 
Pros:  Good  real¬ 
time  monitoring/ 
capture;  compre¬ 
hensive  seven- 
layer  analysis. 
Cons:  802.11b  only; 
weak  user 
interface. 


Network  Instru¬ 
ments  Observer 

Company: 

Network  Instru¬ 
ments,  (952)  932- 
9899,  www.  network 
instruments.com 
Price:  $1,000.  Pros: 
Very  good  mix  of 
wire  and  wireless 
analyzer/packet 
decoder.  Cons: 
Cannot  view 
802.11a/b  con¬ 
currently. 


Fluke  OptiView  Pro 
Gigabit  Wireless 

Company:  Fluke 
Networks,  (800) 
283-5853,  www. 
flukenetworks.com 
Price:  $23,600  for 
OptiView  software, 
wireless  option 
costs  $6,000*. 
Pros:  Multitasking 
portable  analyzer; 
strongWLAN 
features.  Cons: 
802.11b  only;  sep¬ 
arate  app  from 


i  RATING 

Fluke  WaveRunner 

Company:  Fluke 
Networks,  (800) 
283-5853,  www. 
flukenetworks.com 
Price:  $4,000 
(includes  PDA  and 
NIC).  Pros:  Good 
overall  tool  set. 
Cons: Tough  to  use 
applications;  much 
context  switching; 
limited  channel 
support. 


What’s  the 
score? 

AirMagnet 

PDA 

Sniffer  PDA 

AirMagnet 

notebook 

Sniffer 

notebook 

Surveyor 

Wireless 

Observer 

OptiView 

WaveRunner 

Ease  of  use  20% 

5 

4 

4 

4 

4 

3 

4 

3 

Diagnosis  depth  20% 

4 

4 

4 

4 

4 

4 

3 

Radio  features  20% 

5 

5 

5 

3 

4 

4 

2 

2 

WLAN  features  20% 

5 

5 

5 

4 

3 

4 

4 

4 

Performance  20% 

5 

5 

5 

5 

4 

4 

4 

4 

TOTAL  SCORE 

4.8 

4.6 

4.6 

4.0 

3.8 

3.8 

3.6 

3.2 

individual  category  scores  are  based  on  a  scale  of  1  to  5.  Percentages  are  the  weight  given  each  category  in  determining  the  total  score.  ■  Scoring  Key:  5:  Exceptional  showing  in  this  category.  Defines 
r  ■  standard  of  excellence.  4:  Very  good  showing.  Although  there  may  be  room  for  improvement,  this  product  was  much  better  than  the  average.  3:  Average  showing  in  this  category.  Product  was  neither 
c-  l  t-  oily  good  nor  exceptionally  bad.  2:  Below  average.  Lacked  some  features  or  lower  performance  than  other  products  or  than  expected.  1:  Consistently  subpar,  or  lacking  features  being  reviewed. 

*Less-expensive  options  available. 
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I  Where  WLAN  analyzers  apply 

A  wireless  LAN  analyzer  can  help  in  all  three  stages  of  a  WLAN's  life: 

1)  Site  survey:  WLANs  are  unlicensed  radio  transports  for  Ethernet.  As  such, 
they  are  subject  to  unseen  and  heretofore  undetected  or  interfering  radio 
commotion  in  the  desired  coverage  area.  Some  analyzers  we  tested  were  decidedly 
better  than  others  at  surveying  a  proposed  WLAN  site.  The  AirMagnet  handheld 
and  laptop  versions,  as  well  as  Fluke's  OptiView  wireless  option,  were  especially 
strong  on  radio  analysis.  All  the  analyzers  (except  the  Sniffer  Portable)  also  could 
detect  high  background  noise  sources. 

2)  Deployment:  Analysis  during  deployment  aids  a  plan  developed  from  site  survey 
results.  Access  points  are  deployed  to  best  cover  geography  with  available  signal. 
Security  methods  in  the  access  points  and  WLAN  clients  that  connect  to  the  net¬ 
work  infrastructure  are  verified.  Some  of  the  notebook-based  analyzers  tested 
weren't  as  adept  as  the  handheld  testers  in  this  phase  of  deployment. 

3)  Troubleshooting  and  auditing:  Post-installation  connectivity  problems  between 
clients  and  access  points  can  be  analyzed.  Traffic  and  signal  distribution  problems 
can  be  found,  analyzed  and  corrected.  This  also  is  when  rogue  equipment  might  be 
detected,  as  well  as  discovering  users  who  play  with  WLAN-associated  settings. 

—  Tom  Henderson 


Sniffer  has  outstanding  network  analysis 
by  ISO/OSI  layer,  packet  decode,  highly 
refined  triggers  for  alarms,  and  famous 
Sniffer  Expert  analysis  available.  But  strong 
radio  analysis  features  were  missing.  We 
could  build  filters  that  would  let  us  analo¬ 
gize  some  of  the  features  found  on  Air- 
Magnet,  OptiView  and  Network  Instru¬ 
ments  Observer. 

The  lack  of  strong  radio  analysis  features 
relegates  this  product  to  post-installation 
analysis  tasks  that  mimic  analysis  of  wire 
line  systems  components.  Sniffer  features 
many  packet  decodes;  communications 
analysis;  and  expert  analysis  of  systems, 
object,  applications  and  relationships.  Un¬ 
fortunately  WLAN  analysis  is  seemingly  rel¬ 
egated  as  an  attachment  or  graft  to  this 
famous  Swiss  Army  Knife  of  analysis  tools. 

Network  Instruments  Observer  4.75 

Network  Instruments  Observer  (NIO) 
uses  WLAN  extensions  to  its  Observer  plat¬ 
form  to  build  a  WLAN  analyzer.  The  stan¬ 
dard  NIO  product  architectural  model  uses 
a  core  application  that  has  probes 
attached  to  it.  An  analogy  might  be  an  op¬ 
erating  system  kernel  that  has  device  dri¬ 
vers  that  in  turn,  talk  to  peripherals.  This 
had  a  mixed  effect  for  us  because  we  were 
required  to  learn  the  underlying  network 
analysis  platform  (the  kernel)  before  we 
could  make  NIO’s  WLAN  probe  useful. 

The  probe  connects  to  a  wired  Ethernet 
card  or  an  approved  wireless  network  card, 
and  we  again  chose  the  approved  NetGear 
WT501  802.11a/b  card,  but  the  analyzer  is 
limited  to  monitoring  either  ‘a’or‘b’,but  not 


both  standards  concurrently  The  user  inter¬ 
face  is  modal,  and  many  modes  (applica¬ 
tions)  can  be  started,  subject  to  available 
CPU  of  the  notebook.  Each  mode/applica¬ 
tion  must  be  started  or  stopped  manually, 
and  eventually  applications  have  an  effect 
on  each  others  performance.  The  applica¬ 
tions  can  be  windowed,  but  it  makes  for  a 
busy  display  Packet  capture  and  analysis 
are  very  strong,  and  a  nearly  equal  to  the 
venerable  Sniffer. 

Like  the  Sniffer  Portable,  there’s  a  dash¬ 
board  that  can  be  used  to  get  a  visual  indi¬ 
cation  of  WLAN  network  performance. The 
dashboard  was  somewhat  gimmicky  be¬ 
cause  it  was  useful  only  for  the  current 
radio  conditions  and  doesn’t  relate  well  to 
mobility  requirements. 

Fluke  OptiView  wireless  option 

If  you’re  simply  seeking  WLAN  analysis, 
the  OptiView  wireless  option  might  be 
overkill  (it  has  strong  wireline  features  that 
are  a  separate  application)  and  underkill 
(lack  of  802.1  la  features).  Fluke’s  OptiView 
is  a  touch-screen-based  PC  with  integrated 
adapters,  ranging  from  10/100M  bit/sec 
through  Gigabit  Ethernet.  It’s  like  a  tablet 
PC  in  some  ways,  but  uses  Windows  98  as 
its  operating  system  foundation.  OptiView s 
‘touchscreen  is  easy  to  use,  even  with  a  fin¬ 
gernail  as  a  stylus.  However,  the  touch 
screen  is  disabled  if  the  unit  boots  into 
Windows  98  safe  mode.  We  also  were  dis¬ 
appointed  that  Windows  98  security 
updates  weren’t  performed  on  the  unit  that 
shipped  to  us.The  wireless  option  includes 
Fluke  Wireless  Analyzer  software  and  a 


Fluke  802.11b  network  card. 

The  software  focuses  on  access  point 
characteristics  and  client  characteristics 
when  clients  are  associated  with  access 
points.  Unlike  OptiViews  wireline  analysis 
application,  there  is  no  expert  or  problem 
analysis  of  conditions  that  are  found  in  the 
wireless  application  —  although  they’re 
available  and  quite  articulate  in  the  wire- 
line  application. The  wireless  and  wireline 
version  of  the  software  can  run  concurrent¬ 
ly  However,  under  high  loads,  the  wireless 
option  degrades  the  wireline  applications, 
and  vice  versa.The  wireless  option  captures 
and  decodes  packets  in  Sniffer  format. 

It  was  easy  to  drill  down  to  examine  vari¬ 
ous  characteristics  of  each  access  point. 
We  could  use  a  locate  function  that 
beeped  or  clicked  as  we  approached  the 
desired  device  —  even  when  two  access 
points  in  relatively  close  proximity  were  on 
the  same  channel.  Direction  finding  meant 
rotating  the  unit  on  a  360-degree  axis, 
which  took  getting  used  to.  It’s  not  an  artic¬ 
ulate  direction  finder,  just  a  general  one. 

A  failing  of  the  product  was  its  inability  to 
see  illegal  channels  13  and  14  —  even  after 
we  programmed  access  points  for  these 
channels.  This  was  surprising,  and  poten¬ 
tially  limiting,  as  these  access  point  chan¬ 
nels  are  used  despite  their  illegality  Fluke 
says  there  is  a  channel  limitation  on  its  cur¬ 
rent  model  WLAN  card, and  that  an  update 
would  be  available  “very  shortly’ 

Finisar  Surveyor  Wireless 

The  Finisar  Surveyor  Wireless  VI.  10.95 
supports  only  802.1  lb.  Installation  was  a  lit¬ 
tle  more  difficult  than  normal;  Finisar  sup¬ 
ports  only  eight  WLAN  cards  and  requires 
its  own  drivers  for  each  supported  card. 

Surveyor  Wireless  examines  channels 
sequentially  sweeping  them  over  a  speci¬ 
fied  period  of  seconds.  The  samples  taken 
during  the  sweep  were  displayed  in  a  his¬ 
togram,  color-coded  by  the  channel  sam¬ 
pled  in  terms  of  utilization, signal  level  and 
errors  per  second.  Accumulated  per-chan- 
nel  data  isn’t  available  in  the  monitor  or 


capture  modes  of  the  analyzer,  which  can 
be  run  separately  or  concurrently 

A  Detail  View  allows  windowing  of  vari¬ 
ous  relationships  and  statistical  bar  charts, 
histograms  and  accumulated  data  tables 
representing  802.11-specific  information 
and  wireline  network  information.  No 
expert  analysis  comes  canned  in  the  appli¬ 
cation,  although  it  is  possible  to  set  triggers 
and  thresholds  for  alarms  for  various  con¬ 
ditions,  such  as  excessive  slow-rate  frames, 
errors,  and  control  frames. 

The  promise  of  Finisar’s  Surveyor  is  it  has 
many  desirable  visual  tools  but  lacks  tools 
that  help  state  the  wireless  network  infra¬ 
structure  in  a  way  that  allows  rapid  drill¬ 
down  to  802.11  relationships,  such  as 
access  point  clients,  802. lx  and  associating 
and  testing  access  point  connectivity. 

Conclusion 

The  WLAN  industry  is  moving  quickly 
and  the  ability  to  find  802.1  lb  and  802.1  la 
is  important  because  rogue  equipment 
can’t  be  readily  detected  without  the  abil¬ 
ity  to  support  both  protocol  sets.  Keeping 
up  with  changes  in  the  market  appears  to 
be  the  biggest  challenge  for  WLAN  analyz¬ 
er  makers.  The  AirMagnet  products  have  a 
decidedly  strong  focus  on  WLAN  specifics 
and  stood  out  from  the  tough  competition. 
The  Sniffer  PDA  was  stronger  than  its  note¬ 
book  counterpart,  if  only  for  its  forced 
focus  on  WLAN  specifics. We  had  some  dis¬ 
appointments,  but  get  the  feeling  that  in  a 
year,  we  might  get  a  much  different  WLAN 
analyzer  product  mix  to  test. 

Henderson  is  managing  director  of 
ExtremeLabs  of  Indianapolis.  He  can  be 
reached  at  thenderson@extremelabs.com. 
He  is  a  member  of  the  Network  World 
Global  Test  Alliance,  a  cooperative  of  the  pre¬ 
mier  reviewers  in  the  network  industry,  each 
bringing  years  of  practical  experience  on 
every  review.  For  more  Test  Alliance  infor¬ 
mation,  including  what  it  takes  to  become  a 
member,  go  to  www.nwfusion.  com/ 
alliance. 


How  we  did  it 


We  performed  several  wireless  LAN  tests.  We  configured  a  WLAN  infrastruc¬ 
ture  consisting  of  five  802.11b  access  points,  two  802.11a  access  points,  two 
802.1  la/b  hybrid  access  points  and  two802.11b+  access  points  over  three 
logical  Ethernet  segments,  connected  together  via  an  Ethernet  switch.  The  802.1 1  b+ 
access  points  were  not  configured  in  802.11b  plus  mode  because  all  of  the  analyz¬ 
ers  detected  a  speed  error  and  could  not  otherwise  access  them.  We  used  access 
points  from  Proxim/Orinoco,  D-Link  (802.11b,  802.1  la/b,  802.11b+),  NetGear 
(802.1  la/b),  Linksys  (802.11b,  802.11a,  802.11a/b),  Intel  (802.11b),  and  Buffalo 
Technologies  (802.11b). 

We  checked  that  each  analyzer  could  identify  all  access  points,  identify  access 
points  (both  802.11  a  and  b  where  possible)  with  identical  media  access  control 
(MAC)  addresses,  identify,  associate  with,  and  use  Dynamic  Host  Configuration 
Protocol  on  access  points;  get  an  address  from  the  DHCP  server  on  the  network; 
and  detect  SMTP  on  an  access  point.  No  analyzer  we  tested  could  detect  SMTP. 

We  also  checked  that  each  WLAN  analyzer  could  detect  Wired  Equivalent  Privacy 
(and  its  level  and  correct  implementation);  identify  ad  hoc  (bridged  access  points) 
vs.  infrastructure  modes;  and  identify  additional  modes  of  WLAN  security  (802. lx). 

Three  test-configuration  problems  also  needed  to  be  identified:  duplicate  client 
MAC  addresses,  duplicate  IP  addresses  and  routing  problems.  We  also  placed  an 
802.11b  access  point  nearly  out  of  range  (65  meters  away  and  elevated  eight 
meters)  to  see  if  an  analyzer  could  detect  its  presence  and  the  aforementioned 
analysis  on  it. 

We  also  deployed  an  802.1 1g  access  point  to  see  how  the  analyzers  would  react 
—  the  analyzers  without  exception  triggered  the  802. 11g  access  point  into  802.11b 
working  mode.  Native  802. 11g  mode  (forced  mode)  was  represented  as  noise  or 
invalid  data  rate  on  the  specific  channels. 

All  the  handheld  analyzers  were  tested  on  an  HP  iPAQ  3800  Series  Pocket  PC. 

The  AirMagnet  and  Sniffer  Wireless  PDA  option  use  the  Pocket  PC  platform  — 
Fluke's  WaveRunner  uses  embedded  Linux.  All  handheld  devices  were  limited  to 
testing  802.11b  at  the  time  of  our  tests. 
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Five  Nines,  by  the  book 


I  recently  had  a  junior  engineer  in  our 
lab  ask  me  about  the  term  “five  nines.” 
I  launched  into  my  canned  script 
about  the  term  representing  99.999%  up¬ 
time,  translating  into  a  5-minute,  15-second 
downtime  budget.  Still  with  furrowed 


brow,  he  peppered  me  with  more  ques¬ 
tions.  “Is  that  5  minutes,  15  seconds  in  a 
year  or  over  the  life  of  the  box?”“How  do 
you  define  ‘downtime?’”  “Does  that  in¬ 
clude  software  patches?” 

The  kid  caught  me  flat-footed, and  I  real- 


Small  and  midsize 
businesses  need  to  be 
smart  about  technology- 
if  used  wisely,  IT  can  create 
competitive  advantages  that  can 
boost  a  company  in  to  the  big 
leagues.  Nowhere  is  this  more 
true  than  when  it  comes  to  the 
desktop  environment,  where 
technology  touches  nearly  every 
employee  on  a  daily  basis. 
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environment  that  supports 
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breaking  the  budget.  The  big 
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support.  Take  advantage  of  this 
free  offer  from  Network  World 
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ized  I  was  passing  along  “spoon-fed”  infor¬ 
mation  about  an  important  subject.  I 
needed  to  educate  myself  on  what  five 
nines  really  means. 

Five  nines  is  not  a  hard  metric,  but  rather 
the  result  of  a  predictive  calculation. 
When  a  company  claims  that  its  device  is 
five-nines  reliable,  it  is  talking  about  an 
absurdly  complicated  mathematical  cal¬ 
culation  based  on  industry-standard  for¬ 
mulas  used  to  predict  the  reliability  of  the 
box.  For  every  possible  definition  of  “fail¬ 
ure” —  ranging  from  a  hint  of  trouble  to  a 
total  meltdown  —  these  formulas  take 
into  account  the  extent  of  the  failures, 
the  probability  with  which  they  will 
occur,  how  quickly  the  failures  can  be 
diagnosed,  and  how  soon  service  can  be 
restored. 

Fuzzy  line  around  availability 

Five-nines  discussions  blur  the  line  be¬ 
tween  availability  and  reliability.  A  five- 
nines  claim  could  be  referring  to  either 
availability  or  reliability,  depending  upon 
which  predictive  formula  is  used.  It’s 
important  to  understand  the  difference 
between  the  two  ways  vendors  can  spin 
these  terms. 

For  any  given  product, availability  equals 
the  total  amount  of  time  the  product  was 
up.  Reliability  means  the  number  of  in¬ 
stances  in  which  the  product  went  down. 
So  you  can  have  one  big  outage,  and  the 
box  will  reflect  high  reliability,  but  low 
availability.  Or  you  could  have  two  dozen 
outages  of  5  seconds  or  less,  and  the  box 
could  be  accurately  described  as  being 
highly  available,  but  unreliable. 

Confusing,  I  know.  But  that’s  the  point. 
When  a  vendor  or  marketeer  says  “five 
nines,”  they’re  probably  using  it  as  a 
catchall  phrase  that  is  probably  devoid  of 
any  real  meaning. 

If  you  invoked  the  “spirit”  of  the  law,  very 
few  products  would  stand  the  test.  One  of 
the  originators  of  the  concept  of  five  nines 
is  Telcordia,  formerly  Bellcore,  which 
geared  its  specifications  toward  Local 
Access  and  Transport  Area  office  and  tan¬ 
dem  switching  systems.  When  I  engaged 
in  the  ascetic  exercise  of  reading  the  core 
specification  document,  1  found  out  that 
“five  nines” —  however  you  define  it  —  is 
entirely  too  forgiving.  For  example,  as  it 
relates  to  availability, Telcordia’s  allowable 
downtime  budget  for  an  entire  system  fail¬ 
ure,  in  which  all  end  users  are  down,  is  24 
seconds  per  year.  So  much  for  5  minutes, 
15  seconds. 

So  what  should  a  five-nines  claim  mean 
to  you  as  a  purchaser  of  network  gear?  If 
not  backed  up  by  independently  verified 
testing  over  time,  not  a  thing.  Just  throw  it 
on  the  trash  heap  of  marketing  buzz¬ 
words.  Focus  instead  on  the  specific  re¬ 
dundancy  features  of  the  gear  you’re  pur¬ 
chasing,  and  you’ll  be  much  better  off. 

Percy  is  a  technology  analyst  at  Miercom, 
a  network  consultancy  and  testing  center 
in  Princeton  Junction ,  N.J.  He  can  be 
reached  at  kpercy@miercom.com. 
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Retaining  crucial  skills 

IT  executives  look  to  preserve  mainframe  and  legacy  system  knowledge  as  employees  near  retirement. 


■  BY  DENISE  DUBIE 

Before  Kent  Howell  can  retire,  he  needs  to  complete  one  more 
project  for  his  employer:  He  must  teach  his  co-workers  the  main¬ 
frame  systems  expertise  he  acquired  in  his  35  years  of  working  in 
high-tech. 


As  manager  of  computer  operations  for 
Illinois  Fbwer  Company  in  Decatur,  Howell 
has  about  three  years  before  he  retires  to 
pass  along  his  legacy  knowledge  to  fellow 
staff  members,  who  are  trained  primarily  in 
client/server  and  distributed  technologies. 

“1  don’t  think  it’s  accurate  to  say  main¬ 
frame  skills  will  become  extinct,”  Howell 
says.“What  is  fair  to  say  is  that,  based  on  the 
current  academia  environment,  training  in 
those  skills  will  become  rarer  unless  the 
trend  is  modified.” 

Howell  isn’t  alone  in  his  opinion.  The 
Association  for  Computer  Operations 
Management  (AFCOM)  last  month  an¬ 
nounced  an  initiative  designed  to  address 
mainframe  skills  and  retiring  IT  managers. 
Established  in  1981  and  boasting  more 
than  3,000  members,  AFCOM  is  a  trade 
association  for  data  center  professionals. 

While  AFCOM’s  Data  Center  Institute  re¬ 
cently  introduced  its  Data  Center  Know¬ 
ledge  Initiative  of  training,  technology  and 
educational  resources  for  companies  fac¬ 
ing  the  potential  loss  of  mainframe  skills, 
the  problem  has  been  on  the  minds  of 
many  for  about  two  years. 

“Despite  the  interest  and  growth  in  train¬ 
ing  for  new  distributed  technologies,  many 
large  organizations  continue  to  rely  on 
mainframe-based  systems  and  applications 
as  mission-critical  parts  of  their  business,” 
says  Brian  Koma,  vice  president  of  market¬ 
ing  for  AFCOM.  While  he  has  no  specific 
numbers,  Koma  says  colleges  and  universi¬ 
ties  are  offering  fewer  courses  in  main¬ 
frame  and  legacy  systems  management, 
and  continue  to  develop  their  client/server 
and  distributed  technologies  programs. 

AFCOM  partnered  with  Marist  College  in 
Poughkeepsie,  N.Y.,  to  provide  a  quick 
resource  to  courses  and  degree  programs 
in  data  center  technologies,  which  include 
programming  languages  such  as  COBOL. 

COBOL  was  developed  and  adopted  in 
1960  as  the  primary  business  application 


language  on  mainframes  and  minicomput¬ 
ers.  There  are  an  estimated  90,000  COBOL 
programmers  today,  with  about  55%  of 
them  nearing  retirement  in  the  next  five  to 
seven  years,  Meta  Group  says.Yet  according 
to  Meta  Group,  60%  of  hosted  applications 


Teaching  a  new  dog  old  tricks 

Tips  to  avoid  losing  mainframe  and 
legacy  skills  when  employees  retire. 

•  Initiate  cross-training  efforts  among 
different  IT  disciplines  and 
departments. 

•  Partner  with  peer  companies’ IT 
departments  to  develop  training 
programs. 

•  Work  with  educational  institutions  to 
help  influence  curriculum  design  and 
encourage  specific  IT  programs. 

•  Create  mentoring  programs  that 
partner  younger  employees  with 
veteran  programming  staff. 

•  Determine  appropriate  incentives  for 
IT  staff  to  learn  needed  mainframe  or 
legacy  expertise. 

will  continue  to  reside  on  the  mainframe 
through  the  next  decade,  requiring  legacy 
skills  to  support  them. 

Other  skills  in  danger  of  becoming  ex¬ 
tinct  are  FORTRAN  and  PL/1.  FORTRAN, 
developed  in  1954  by  IBM,  was  originally 
designed  to  express  mathematical  formu¬ 
las,  and  PL/I  also  is  a  high-level  IBM  pro¬ 
gramming  language  introduced  in  1964 
with  the  System/360  series  of  mainframes.lt 
was  designed  to  combine  the  features  of 
and  eventually  supplant  COBOL  and  FOR¬ 
TRAN,  which  never  happened. 

Roger  Norton,  dean  of  computer  science 
and  mathematics  at  Marist,  says  25  years 


ago  educational  institutions  offered  many 
programs  to  teach  these  skills,  but  today 
there’s  no  interest  in  learning  the  programs 
or  in  studying  legacy  systems.  Marist  is  one 
of  the  few  schools  to  offer  courses  sup¬ 
ported  by  the  Institute  for  Data  Center  Pro¬ 
fessionals,  including  undergraduate  de¬ 
grees  and  certification  programs. 

“The  traditional  training  grounds  are  not 
producing  new  IT  professionals  with  these 
skills,”  Norton  says.  “We  are  working  with 
AFCOM  to  ensure  companies  don’t  lose 
their  mainframe  expertise  with  retiring 
employees.” 

John  Bardwell,  data  center  director  at 


Aging  breed 

About  55% 

of  IT  workers  with  expertise 
in  mainframe  and 
enterprise  data  center 
skills  are  more  than  50 
years  old  and  will  be  eligible 
for  retirement  within  five 
to  seven  years,  according 
to  Meta  Group. 


•  Hire  retired  employees  as  contractors 
to  help  train  others. 

•  Invest  in  products  that  could  ease  the 
integration,  maintenance  and 
management  of  legacy  devices  and 
applications. 


Unisys  West,  a  financial  and  IT  consulting 
services  firm  in  West  Perth,  Australia,  says 
his  search  for  an  IBM  mainframe  profes¬ 
sional  is  proving  difficult. 

“IBM  mainframe  systems  programmers, 
DB2  database  administrators  and  IBM 
operations  analysts  with  [JCL]  skills  are 
the  area’s  most  at-risk  skills  from  my  man¬ 
agement  perspective,”  Bardwell  says.  He 
adds  that  finding  applications  profession¬ 
als  with  COBOL  and  PL/1  skills  also  is  a 
challenge. 

Many  IBM  shops  in  Australia  have  lost 
some  of  their  mainframe  management 
workforce  through  retirement.  Because  of 


that,  Bardwell’s  company  will  pay  “above¬ 
market  rates  for  our  at-risk  skills.” 

Unfortunately,  most  agree  that  client/ 
server  technologies  and  programming 
technologies  such  as  C++,  Java  and  Visual 
Basic  do  not  overlap  much  with  mainframe 
languages  and  management  tools.  But 
Bardwell  and  Howell  say  IT  professionals 
familiar  with  working  in  a  distributed  com¬ 
puting  environment  can  be  trained  to  han¬ 
dle  mainframes. 

Bardwell’s  staff  has  been  cross-training  its 
Tandem  (now  owned  by  HP)  systems  pro¬ 
grammers  in  its  Unix  environment  and  vice 
versa  for  about  12  to  18  months.  Unisys 
West  also  has  implemented  systems  man¬ 
agement  software  from  BMC  that  can  man¬ 
age  across  multiple  vendor  platforms. 

“It  has  the  same  operational  look  and  feel 
as  any  other  system,  so  technicians  can 
work  with  the  familiar  interface,”  Bardwell 
says. Vendors  such  as  ASG,  BMC  and  Cyber- 
mation  participated  in  the  AFCOM  announ¬ 
cement  detailing  how  their  software  prod¬ 
ucts,  which  offer  cross-platform  monitoring, 
management  and  automation  features,  can 
help  ease  the  burden  when  mainframe 
experts  retire. 

Howell  says  cross-training  within  the  IT 
department,  with  staff  from  other  com¬ 
pany  departments  and  partnering  with 
peers  in  the  industry  to  share  knowledge 
and  skills  among  companies,  will  go  a 
long  way  toward  preserving  the  expertise. 
Having  been  a  part-time  computer  sci¬ 
ence  teacher  at  a  junior  college,  Howell 
also  feels  IT  staff  should  be  proactive  and 
contact  educational  institutions  in  their 
area  about  adding  more  mainframe  train¬ 
ing  programs  to  their  curriculum. 

Because  the  estimated  effect  of  the 
shortage  is  not  expected  to  occur  for 
another  five  years,  Howell  says  IT  man¬ 
agers  have  some  time  to  develop  strategies 
and  accept  that  they  need  people  to  sup¬ 
port  their  reliable,  stable  and  mission-criti¬ 
cal  networks  and  applications. 

“Several  years  ago,  we  heard  that  the 
mainframe  was  dead  and  client/server 
technologies  were  the  only  thing  that 
would  exist  by  today  Experience  shows  us 
that  is  not  the  case,”  Flowell  says.  “People 
are  realizing  that  it’s  a  misnomer  to  call 
mainframe  skills  legacy.  Mainframes  are 
not  going  awa/B 


Available  in  single  and  eight  channel  versions 
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Servers 


AUTOMATICALLY  MONITOR  SERVER  ACTIVITY 

Kaveman  automatically  monitors  critical  server  vitals  such  as  power,  video,  and 
keyboard  response;  it  alerts  you  to  crashes  and  enables  you  to  quickly  respond  to 
problems. 
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COMPLETE  KVM  CONTROL  VIA  TCP/IP 


CONTROL  KEYBOARD.  VIDEO  AND  MOUSE  REGARDLESS  OF  LOCATION 

With  the  Kaveman  networking  device,  you  can  remotely  control  servers,  either  over 
the  Internet  or  a  local  network,  down  to  the  BIOS  level. 

ACCESS  SERVERS  USING  A  WEB  BROW5B3  OR  VNC 

All  you  need  to  operate  Kaveman  is  a  web  browser  or  VNC  on  the  remote  client.  No 
additional  software  is  required.  And  no  software/users  licenses  help  keep  your  costs 
down. 

REMOTELY  CONTROL  POWER 

Through  the  user-friendly  Kaveman  GUI,  you  can  control  the  power  of  up  to  eight 
devices. 
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UltraLink 


a  Connects  to  standalone  computers  or  any  KVM  switch 
■  High  quality  16-bit  video  at  up  to  1280x1024  resolution 

*  Easy  to  install,  give  it  an  IP  address  and  run  the  Viewer 
program,  no  user  license  required 

•  Encrypted  communication  produces  highly  secure  operation 
w  Scaling  and  scrolling  features  for  maximum  flexibility 


UltraLink  sets  a  new  standard  in  remote  management  of  server  room 
environments.  It  saves  you  money  by  allowing  you  to  centralize  your  IT 
resources.  Since  it  does  not  depend  upon  software  loaded  on  your 
computers,  it  deploys  easily  and  works  on  any  operating  system,  such 
as  Windows,  Linux,  Solaris,  Unix,  or  OSX. 

The  UltraLink  digitizes  the  remote  computer's  video.  It  then  scales, 
compresses,  encrypts,  and  packetizes  it  into  the  TCP/IP  protocol.  At 
your  PC  the  free  Viewer  application  receives  and  displays  the  video  and 
sends  back  keyboard  and  mouse  data.  This  process  allow  you  to  access 
remote  computers  from  anywhere. 


Rose  Electronics 
10707  Stancliff  Road 
Houston,  TX  77099 


USA  toll  free 
ROSE  US 
ROSE  Europe 
ROSE  Asia 


800  333  9343 
281  933  7673 
+44  (0)  1264  850574 
+617  3427  5353 


*  Single  mouse  cursor  simplifies  user  interface 
See  four  servers  from  one  screen  with  quad  screen  mode 
■  Lifetime  free  flash  upgrades 


Rose  is  a  leading  manufacturer  of  switching,  extension,  and  access 
products.  As  a  KVM  industry  pioneer,  Rose  is  known  for  its  technically 
superior  and  price  competitive  products. 

Join  the  ranks  of  many  successful  companies  using  UltraLink,  call  Rose 
to  learn  more  about  KVM  Access  over  IP  as  well  as  KVM  Switches  and 
Extenders. 


WWW.ROSE.COM 
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With  Cyclades,  the  only  thing 
missed  at  your  data  center... 


|  Feature 

Benefit 

Remote  Access 

PCMCIA  supporting  modem,  ISDN, 

GSM,  Wireless  LAN 

Security 

SSH  vl  &  v2,  LDAP,  Kerberos,  TACACS+, 
RADIUS,  Secure  ID 

Dual  Power  Supply 
(AC  &  DC) 

High  availability  when  power  fails 

Dual  Ethernet 

PCMCIA  supporting  additional  ethernet 
for  redundancy 

Port  Density 

1,4,8,16,32  or  48  ports  in  1U  rack  space 

'  Best  Hardware  for  Linux" 
since  1995. 


Our  console  servers  give  you  all  the  freedom 
you  need  to  manage  your  networks  and  servers 
anytime,  anywhere. 

Which  is  why  Cyclades  sells  more  console  servers  than  anyone 
else  in  the  industry. 

The  AlterPath” ACS  offers  the  industry's  only  combination  of 
dual  power  supply  and  PCMCIA  slots  for  enhanced  redundancy 
and  functionality.  And  because  our  technology  is  based  on 
Open  Source  Software  (Linux'),  you  benefit  from  innovative 
products  that  offer  flexibility,  ease  of  customization  and 
a  high  level  of  security. 

With  Cyclades  console  servers,  you  get  the  convenience  and 
security  you  need  to  access  and  manage  all  of  the  console  ports 
in  your  data  center  at  anytime,  from  anywhere  in  the  world  - 
even  when  the  network  is  down. 


cyclades 


Everywhere  with  Linux- 


So  relax.  You  won't  miss  a  thing. 


www.cyclades.com/vo  •  sales@cyclades.com  •  1 .888. CYCLADES 
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Experience  Counts.  Since  1 994  GTA 
has  been  building  solid,  dependable 
firewall  systems.  For  the  past  8  years 
our  line  of  firewall  products  have  met 
the  demands  of  small  to  medium 
sized  businesses  worldwide.  To  learn 
more  about  our  family  of  firewalls  visit 
our  website  or  contact  a  GTA  channel 
partner. 


There  Is  A  Better  Way  To  Troubleshoot  &  Manage  Your  Network 


OBSERVE 


OBSERVER 


OBSERVER 

SUITE 


Quickly  Pinpoint,  Pre-solve  & 
Prevent  Network  Problems 
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Expert 
Observer 
* 2895 


Observer 

Suite 

$3995 


Observer® — Quickly  identifies  network 
trouble  spots  and  costs  thousands  less  than 
expensive  hardware-based  analyzers. 
Observer  provides  metrics,  capture,  and 
trending  for  both  shared  and  switched 
environments. 

•  Full  packet  capture  and  decode  for  over 
500  protocols,  including  TCP/IP  (v4  &  v6), 
NetBIOS/NetBEUI,  XolP,  SNA,  SQL,  IPX/SPX, 
Appletalk  and  many,  many  more! 

•  Switched  mode  sees  all  ports  on  a  switch 
gathering  statistics  from  an  entire  switch  or 
capture/statistics  from  any  port(s) 

•  Long-term  network  trending  collects 
statistical  data  for  days,  weeks,  months, 
even  years 

•  Real-time  statistics  include  Top  Talkers, 
Bandwidth,  Protocol  Statistics,  and 
Efficiency  History 

•  Ethernet  (10/100/Gigabit),  Token  Ring, 
FDDI,  and  Wireless  802. 1 1 — no  need  to 
purchase  separate  tools 


•  Windows®  98/Me/NT/2000/XP  compatible 

•  Over  4,000  frame  types  recognized 

Expert  Observer — Identifies  problems  and 
provides  Expert  information  in  plain  English. 

Includes  all  of  the  features  of  Observer  plus 
real-time  and  post-capture  expert  event 
identification  and  analysis — new  SQL  and 
Frame  Relay  experts  add  to  the  many  other 
protocols  covered,  time  synchronization 
technology,  and  modeling  of  network  traffic. 

Observer  Suite — The  ultimate  tool  for 
the  most  demanding  power  user. 

Provides  a  full  complement  of  tools  that 
includes  all  of  the  features  of  Expert 
Observer  plus  SNMP  management,  RMON 
console/Probe  and  Web  reporting.  Includes 
one  remote  Probe. 

If  you  have  any  network  problems,  find 
out  the  cause  with  Observer,  Expert 
Observer,  or  Observer  Suite. 


Call  800-526-7919  or  visit  us  online  for  a  full-featured  evaluation: 

www.NETWORKINSTRUMENTS.com 
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On-Command  Power  Switching  for  your 
Network  Equipment...  from  Anywhere! 


Applications: 

Remote  Power  Management 
X  Servers 

X  Routers  Firewalls  DSU/CSU's 
X  Web  Cams 

Turn  On/Off  any  AC  or  -48VDC 
Powered  equipment  via  telnet, 
modem  or  local  terminal. 

Electronic  equipment  sometimes  "locks- 
up"  requiring  a  service  call  just  to  flip 
the  power  switch  to  do  a  simple  reboot. 
With  WTI  Remote  Power  Switches  you 
have  the  ability  to  perform  this  function 
from  anywhere  on  the  LAN/  WAN,  or  if 
the  network  is  down,  to  simply  dial-in 
from  a  modem  for  out-of-band  control. 

For  over  a  decade  WTI  has  been 
leading  the  way  in  Remote  Power 
Switching  technology  offering  more 
products  choices  for  small  or  large  scale 
remote  management  strategies. 

Our  switches  are  now  installed  in 
thousands  of  sites  world  wide.  Our 
customers  know  they  can  depend  on 
our  superior  quality  and  reliability  for 
their  most  mission-critical  operations. 

Yes,  we  are  customer  friendly! 

X  Two  year  warranty 
X  We  stock  for  same  day  shipment 
X  30  day  return  policy 
X  Start-up  cables  and  rack  ears  included 

Want  an  on-line  demo? 

Just  call  or  e-mail  and  you'll  see  for 
yourself  why  so  many  network 
professionals  choose  WTI. 


EIGHT  PLUG  -  DUAL  BUS 


TWO  PLUGS  -  LOW  COST 


©  Dual  15  Amp  Circuits 
©  Telnet,  lOBaseT  Ethernet 
©  RS232  Console  and  Modem  Ports 
©  User  plus  Admin  Security  Features 
©  115VAC  and  230VAC  Models 


HIGH  CURRENT  -  DUAL  BUS 


NPS-2HD 


©  Ideal  for  CISCO  6500/7500 
©  Dual  20  Amp,  115VAC  Circuits 
©  Telnet,  lOBaseT  Ethernet 
©  RS232  Console  and  Modem  Ports 


DUAL  BUS  -48VDC 


©  Dual  -48VDC,  40  Amp  Circuits 
©  Telnet,  lOBaseT  Ethernet 
©  RS232  Console  and  Modem  Ports 
©  On/Off/Reboot  Switching 


CODE  ACTIVATED  - 
EXPANDABLE 


©  Single  10  Amp  Circuits 

©  Expandable  to  10  Individually 
Switched  Plugs 

©  RS232  Control  Port 


FIVE  CIRCUIT 
-48VDC  POWER  BAR 


RPB+DC30 


©  Five  Individually 
Switched  Circuits 

©  Switch  -48VDC,  12  Amps 
each  Circuit,  30  Amps  Total 

©  Also  Available  in  115VAC 
and  230VAC  Models 
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(800)  854-7226 
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Keeping  the  Net...W@tkm§S 


©  Two  Addressable  Plugs 
©  Telnet,  lOBaseT  Ethernet 
©  RS232  Console  and  Modem  Ports 
©  115VAC  and  230VAC  Models 
©  Manual  on/off  Buttons 
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Current’  Load? 


Used  per  Circuit 

wi^>Sentry  input  Current  Monitor 

> 

•  Precisely  measure  the  current,  in  amps, 
for  each  power  circuit 

•  Prevent  overloads  on  existing  power  circuits 

•  Reduce  costs  for  additional  power  circuits 

•  Overcurrent  alarms 

•  Remote  Measurement  via  IP  or  RS-232 

•  Local  Measurement  via  digital  display 

Sentry  Power  Tower.  Equipment  Cabinet  Solutions. 


Server  Technology,  Inc.  fiaS 

1040  Sandhill  Drive  Reno,  Nevada  8951 1  USA 
web:  www.servertech.com  toll  free:  1.800.835.1515 


Surf  RAID  Low  Cost  RAID  Systems 


960GB  SCSI  RAID  System  -  $5,500 


IMetworkWorld  Storage  Special 


•  960GB  (8x120GB)  Disk  Drives 

•  Hot  Swap  Power  Supplies,  Fans  &  Disks 

■  Dual  Host  Ultra3  SCSI  Interfaces 

■  Cableless  BackPlane  Design 

•  RAID  Levels  -  0,  1,  0+1,  3  &  5 

■  Supports  Most  Operating  Systems 

•  Simple  Driverless  Setup 


SurfRAID  LC8 


I 

i 

l 


•  8  Bay,  12  Bay  and  16  Bay  Models 

•  320GB  to  4TB/Chassis  (44TB/Rack) 

■  Dual  Host  Interfaces  -  All  Models 

•  Fibre  Channel  or  SCSI  Host  Interfaces 

•  Hot  Swap  Power  Supplies,  Fans  &  Disks 

•  Industry's  Lowest  Cost  per  Gigabyte 


R+tners  Data  Systems,  Inc. 
800-550-3005 
sal+s^partnersdata  .com 
www.Partnei-sData.com 


Ultra 


160  SCSI 


SAN  Ready 


TM 


AppDancer  /  FA 

Network  Flow  Analyzer 

•  An  Easy-To-Use  Network  Viewing  Tool 

•  Email  •  Database  «VoIP  *Web 

•  Identifies  Problems  Causing  Slow  Downs 

•  Monitors  Applications,  Network  Devices, 
and  Network  Traffic 

•  Affordable  ^fiLk  IkM 


free  Download! 

AppDancer"" 


BEST  OF  INTEROP 

NETW'  RLDINTEROP 

cmp_  mum  ee Times 


Call  Toll  Free 
800.825.7563 


AppDancer  Networks,  Inc. 

1000  Holcomb  Woods  Parkway 
Suite  426 

Roswell,  CA  30076-2585  USA 

email  info@AppDancer.com 

telephone  770.643.6800  USA 
web  www.AppDancer.com 


mum 


Contact  these  companies  today  to  help  you  with  your  training  needs! 


|  MeasureUp 

(678)  356-5000 
|  www.measureup.com 
Certification  Practice  Tests 


[  Transcender 

(615)  726-8779 
I  www.transcender.com 
Award-winning  practice  exams 
for  IT  certification 


Learnkey,  Inc.  ^ 

(800)  865-0165 
|  www.learnkey.com 
Self-paced  online  CD  network 
I  certification  developer  bus/apps 


CBT  Nuggets 

(888)  507-6283  &  (541)  284-5522 
www.cbtnuggeLs.com 
Inexpensive  training  videos  on  CD. 
MCSE,  MCDBA,  MCSD,  Cisco  CCNA,  Linux,  A+,  Net+ 


IPexpert,  Inc. 

(866)  225-8064 
I  www.ipexpert.net 
I CCIE  (R&S,  SEC,  and  C&S),  CCSP, 
CCNP,  CCNA,  and  IP  TELEPHONY 


o 


io  Afujb  ’/o  \\i  'Mi  i 

(300)  m-HO-i 


NetSmart  Learning  Partner 


we  auv  &  sell 

useo 

CISCO 

f=OUNOr^y 

JUNIF*EFK  rUVEFIS-rONE 

50-90%  Off  List  Price 
Largest  Inventory 
120  Day  Warranty 
Overnight  Delivery 
FREE  Configurations! 

S/rre/ves/s 

IDuosaL. 


1 800-908-9665 £%  | 

I  Call  Us  Today!  | 


genesisglobalinc.  com 


Smartronix  _ 

■r 


Network 
Test  Tool 

Bl; 


*699 

10/100  Ethernet  LAN  Tester 


PDA  Based! 


(Palm  ml05 
included) 


Design  Engineers: 

Evaluate  &  test  new 
equipment  under 
development 
Network  Engineers: 

Determine  faulty 
NIC  cards,  wiring,  & 
network  equipment 


►  Displays  network  utilization,  packets 
&  statistics 

►  Captures  &  generates  various  error 
packets 

►  Network  load  testing  function 

►  Full  auto  negotiation  &  DHCP  ready 


Toll  Free  1-866-442-7767 
www.smartronix.com/products 


FIBER  OPTIC 
SOLUTIONS 


•  Tl/El  &T3/E3  Modems 

•  RS-232/422/485  Modems  and 
Multiplexers 

•  IBM  3270  Coax,  AS400  Twinax.  and 
RS6000  Modems  and  Multiplexers 

•  LAN  -  Arcnet/LthemetToken  Ring 

•  Vidco/Audio/Hubs/Repeaters 

•  ISO-9001 


-  .  TC/'U 

a.i.  •  a»  w*  m 


Toll  Free  866-Sllech-l 
630-76 1  -3640,  Fax  630-76 1-3644 
www.sitech-bitdriver.com 


www.skechfiber.com 


We  Buy  &  Sell 

USED 

CISCO 

Juniper 

Extreme 

800.451.3407 

Since  1985 

50-90%  Savings 
Fully  Guaranteed 
Overnight  Delivery 

networkhardware.com 


iruiMi 

See  the  entire  Generation 
3.0  collection  at: 

BRETTS 

Luggage.  Leather  goods.  Gifts 
Pens.  Clocks. 
Lighters.  Games 

www.suitcase.com 


For  iv>ore  fnfomatfon 
on  advertlsw#  in 
^etwo rk  V/orWs  Marketplace 
contact;  Bf)k(J  Gopale^ 
800-G11-1108  ext. 
e^(itafe©nww^oiv> 


CISCO  NORTEL 

NEW  •  REFURB  /  BUY  •  SELL 


4ilP^ 

Truckload 

Sale 


Citca  Srirnis 


NGRTEL 

NETWORKS 


:iH  y__ _ _ _  4^1  Bay  Networks 

Fax  Equipment  List  To  801-377-0078 


888-8LANWAN  £SS 

Call  for  Free  Quote!  (888-852-6926)  www.nle.cotn 


ENTERPRISE 

Managed  SSL 


128  bit  -  Fully  Vetted 
99%  Browser  Coverage 

Central  Management  Real-Time  Deployment 

$49 

Enterprise  Discounts 
Enterprise  Sales  Group 
401-293-0119 

COMO  DO 

www.comodogroup.com 


Products 


purchased  as 


a,  result  of 


Marketplace  ads. 


y  Hubs 
S  Routers 


hmm 


m 


fry 


training 
S  Memory 
products 
S  Ethernet 
Cards 

S  Netware 
products 
S  Modems 
S  Testing 
equipment 
S  Multiplexers 
S  Files  Servers 
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Auction  By  Order  of  Secured  Parties  in  the  Motter  of 

ALLEGRO 

jiieifli 


THURSDAY,  APRIL  24  @  10:00  A.M.  (PST) 

6399  SAN  IGNACIO  AVE.,  SAN  JOSE 

INSPECTION:  WED.,  APRIL  23,  9AM-5PM  AND  MORNING  OF  SALE  FROM  9AM 


COMPLETE  LIQUIDATION  OF 

NETWORKING  &  TECHNOLOGY 


Networking  Equipment  •  Servers:  G4's,  Cisco  &  Sun  Ultras  •  PC's 
&  MACs  Notebooks  •  Test  &  Measurement  Equipment  from 
Tektronix,  Summit  Extreme  &  Others;  Oscilloscopes  &  More 


SEE  OUR  WEBSITE  FOR  MORE  INFORMATION: 

www.CowanAlexander.com 


CowanAlexander,  llc 

888-875-SOLD 


Terms:  10%  Buyer's  Premium.  25%  due  upon 
bid  award.  Cash/Cashier's  Check,  Business 
Check  w/Bank  Letter  of  Guarantee. 


FREE  Gift 
With  Every 
Purchase 


Call  1-888-746-6700 


www.securematics.com 


You've 
Got  Mail! 

Security  Problems? 


y 


SECUREMATICS 


SONICWALL 

Authorized  Distributor 


IT  CAREERS 


it  careers.com 


Programmer  Analyst  needed 
w/exp  in  s/w  systems  using 
COM/DCOM  technology 
w/Object  Oriented  Progra¬ 
mming  languages  using 
C++.  Define  &  develop 
Interfaces  using  ATL. 
Develop  User  Interfaces 
wA/B,  ASP,  DHTML  & 
VBScript  Send  resumes  to: 
Advanced  Computing 
Technologies,  Inc.,  3355 
Breckinridge  Blvd.,  Suite 
#128,  Duluth.  GA  30096.  No 
in  person  resumes/inter¬ 
views;  only  respond  by  mail. 


Programmer  Analyst  needed 
by  Lawrenceville,  Georgia 
based  Company  -  Bachelors 
degree  with  lyear  of  experi¬ 
ence  in  job.  Exp.  in  Skill  sets 
incl.  Java,  JSP,  Servlets, 
JDBC,  HTML,  XML,  UML, 
NT,  Visual  Basic  6.0,  and 
ASP  1.2,  Business  Objects, 
Crystal  Reports  5.0,  SQL 
Server,  JavaScript,  XML, 
and  C++.  Fax  resumes  to 
770-963-1465. 


Programmer-Analyst:  Design, 
develop  &  implement  applica¬ 
tion  software  using  Oracle 
Developer,  Reports,  etc.  Plan, 
develop  and  test  programs. 
Req:  2  yrs.  exp.  in  job  offered 
or  2  yrs  exp.  in  a  related  posi¬ 
tion  with  same  duties  &  2  yrs 
college  ed.  in  Computer 
Science  or  a  related  field. 
EOE.  Send  resume  to: 
Computer  Services  of 
America,  4640  Jefferson 
Davis  Hwy  #1,  N.  Augusta, 
SC  29841 


Programmer/Analyst,  Telecom¬ 
munications  co.  Must  have 
Bachelor’s  in  related  field  or  its 
functional  equiv.  in  training, 
educ.,  and  exp.,  and  min.  2  yrs 
exp  Analyze  and  design  user 
requirements  and  objectives: 
design,  develop,  configure,  and 
code  applications,  computer 
systems  and  subsystems. 
Perform  unit  and  system  testing 
40  hrs/wk,  9AM-5PM. 
Competitive  salary.  Send 
resume  to:  Global  Connection, 
ATTN:  HR,  3957  Pleasantdale 
Rd..  Atlanta.  GA  30340 


S/W  Graphic  Designer  to 
design,  modify,  maintain  exist¬ 
ing/new  web  sites  using  HTML, 
CSS,  ASP,  XML,  Flash,  under 
Mac  and  PC  envir;  Create/ 
refine  conceptual  designs  and 
ideas  into  computer/images 
using  Photoshop,  Illustrator. 
Dream  Weaver:  create  layouts 
based  on  layout  principles, 
design  concepts;  conduct  req. 
analysis/performance  testing. 
Require:  B  S.  or  foreign  equiv.  in 
CS/Graphic  Design/Fine  Arts 
with  2  yrs  exp.  Competitive 
salary,  f/t.  travel  involved.  Apply 
to:  HR.  Mindspan  Systems,  Inc., 
6050  Peachtree  Pkwy,  Ste  240- 
214,  Norcross,  GA  30092. 


Seeking  qualified  applicants  for  the 
following  positions  in  Memphis/ 
Collierville.  TN  Senior  Programmer 
Analyst  Formulate/define  function¬ 
al  requirements  and  documentation 
based  on  accepted  user  criteria 
Requirements  Bachelor  s  degree’ 
in  computer  science,  MIS.  engin¬ 
eering  or  related  field  plus  5  years 
of  experience  in  systems/applica- 
tions  development  Experience  with 
either  Java.  JSP,  EJB  or  J2EE:  and 
wnting  applications  that  interface 
with  relational  databases  (either 
Oracle,  Sybase,  SQL  Server  or  Ter- 
adata)  also  required  ’Master's  de¬ 
gree  in  appropnate  field  will  offset  2 
years  of  general  experience.  Sub¬ 
mit  resumes  to  Sibi  George.  FedEx 
Corporate  Services.  1900  Summit 
Tower  Blvd..  Suite  1400.  Orlando, 
FL  32810.  EOE  M/F/D/V. 


Senior  Web  Developer:  2  yrs. 
exp.  in  web-based  applic 
dvlpmt.  &  programming.  Must  be 
able  to  dsgn.,  dvlp.,  implement  & 
test  web-based  computer  appli¬ 
cations/programs.  BA/BS  in  CS. 
EE  or  closely  related  field. 
Relational  d/base  dsgn.,  stored 
procedures. DTS  packages. & 
data  normalization  Visual  Basic, 
Java  Script,  VBScript,  ASP, XML, 
HTML,  DHTML.  COM/DCOM/ 
MTS  Applications/Platforms/ 
Protocols:  SQL  Server.  IIS, FTP, 
STMP  &  SSL  Mail  resume  to: 
M.  Barry,  Memberworks  Inc.,  9 
W.  Broad  St.,  Stamford,  CT 
06902. 


Programmer  Analysts  to  ana¬ 
lyze,  develop,  maintain  software 
appls  using  Oracle  Applications, 
Oracle,  PL/SQL,  Dev  2000,  etc 
under  Windows/UNIX  OS;  con¬ 
duct  functional  testing  and 
debugging;  perform  data  con¬ 
versions,  customize  Forms/ 
Reports  using  Oracle  App¬ 
lications  standards;  document, 
maintain  &  update  development 
process.  Require:  BS  or  foreign 
equiv.  in  CS/Engg.  (any  branch) 
or  related  field  &  2yrs  of  exp.  in 
IT.  Travel  involved.  F/T  position. 
Competitive  salary.  Resume  to: 
HR,  Quest  America, Inc.,  211 
East  Ontario  Street,  Suite  1800, 
Chicago,  IL  60611 


LLEORNA  Enterprises,  a 
provider  of  software  consult¬ 
ing  services,  seeks: 

Senior  Systems  Integration 
Engineer.  BS  or  equivalent  in 
Computer  Sci,  Engineering  or 
related  +  6  yrs  exp  in  SW 
engrng,  programming  or  relat¬ 
ed.  Also  2  yrs  exp  in  Windows 
&  Unix  systems  admin;  knowl- 
edge/backgrnd  in:  RDBMS; 
CGI;  and  Perl,  C++  or  Java; 
backgrnd  in  power  utilities/ 
energy  industry  Mail  resume 
to:  2243  Shannon  Dr.,  South 
San  Francisco,  CA  94080. 


Programmer  wanted  by 
Application  Systs  Dvlpr  Co 
in  CA.  Perf  analysis,  design 
and  program  software  appl 
products;  design  &  imple¬ 
ment  customized  bus  solu¬ 
tions;  analyze  &  write 
design  and  prog  specs; 
assist  in  design  &  code 
reviews;  troubleshoot.  Bach 
in  Comp  Sci  or  Comp 
Engineering  &  2yrs  exp  in 
job  offered  req.  Respond  to: 
Office  Mngr/Plaid  Bros,  26 
Technology  Dr,  Irvine,  CA 
92618. 


Sr.  Software  Engineer  needed 
w/exp  to  research,  analyze, 
dsgn,  perform  functional 
analysis,  dvlp  &  maintain 
compliance  web  applies  using 
VB,  COM,  COM+,  MTS,  ASP, 
XML  &  XSL.  Dsgn,  dvlp  &  test 
comp  s/ware  systms  in  con¬ 
junction  w/hardware  product 
dvlpmt  using  IIS,  Java  Script, 
VB  Script,  HTML,  Sybase  & 
SQL  Server.  Provide  tech 
support.  Send  resumes  to: 
Fidelity  Investments,  HR,  82 
Devonshire  St,  Boston,  MA 
02109. 


Proarammer/Analyst: 

Central  Illinois  domestic  live¬ 
stock  farm  seeking  candidate 
to  design,  develop  and  sup¬ 
port  the  maintenance  of  a  con¬ 
trol  system  to  monitor  and 
analyze  the  behavior  of 
domestic  livestock.  Must  have 
Bachelor's  degree  and  two 
years  experience  in  Computer 
Programming  or  equivalent 
with  biology  minor.  Practical 
experience  with  domestic  live¬ 
stock  is  preferred.  Send 
resume  to  Matti  Shalev, 
Forrest  Farms,  703  N.  Center 
Street,  Forrest,  IL  61741. 


Mezztech  Systems,  Inc 
is  hiring  all  levels  of 
software  engineers. 
Send  resumes  to 
Mezztech  Systems,  Inc, 
1825  De  La  Cruz  Blvd, 
Suite  201,  Santa  Clara, 
CA  95050.  May  be 
placed  at  unanticipated 
client  sites  nationwide. 


ShellSoft  has  several  openings  for 
computer  professionals  and  pro¬ 
ject  engineers  Duties:  Design, 
develop,  analyze,  test,  implement 
&  maintain  software  and  computer 
systems  to  meet  client's  needs; 
design,  develop  and  implement 
web  and  N-tier  applications  using 
UML,  Java  including  Enterprise 
Java  Beans.  Servlets,  JSP  and 
XML;  migrate  legacy  applications 
and  develop  interfaces  between 
legacy  applications  and  ERP  sys¬ 
tems  using  SQL'Loader,  PL/SQL. 
Traveling  is  required  for  some 
positions  Minimum  requirement  is 
MS  or  BS  with  experience 
Send  resumes  to: 


Tech  Jobs— KOLLURI  ASSOCI¬ 
ATES  INC.  Software  Consulting 
Firm  and  Web  Development  Com¬ 
pany  is  seeking  qualified  profes¬ 
sionals  (Bachelors  degree  +)  for 
the  following  nationwide  positions: 
Programmer  Analysts,  Systems 
Analysts,  Web  Developers  (Java, 
ASP,  Coldfusion),  ERP/CRM  Pro¬ 
fessionals  (SAP.  BaaN),  Client 
Server  Professionals  (C,  C++. 
VC++,  VB),  Systems  Administra¬ 
tors  (UNIX,  Sun  Solaris,  HP-UX. 
AIX),  Database  Administrators 
(Oracle,  Sybase,  SQL  Server). 
Excellent  salary  and  benefits  pack¬ 
age  available.  Fax  or  mail  resumes 
to  HR  Department.  Kolluri 
Associates  Inc..  3005  Katharine 
Place,  Ellicott  City,  MD  21042,  Fax: 
877-356-4998. 


Computers 

SOFTWARE  ENGINEER 

(Austin,  TX) 

C&T  Consulting  is  seeking  a 
Software  Engineer  to  develop 
student  loan  applications.  Must 
have  a  B.S.  in  Computer 
Science  or  a  related  field  and 
experience  with  J2EE/Java, 
XML,  NCHELP  CommonLine 
Version  4&5  and  FFELP  Student 
Loan  Program.  PeopleSoft, 
Functional/Technical, 
ADABAS/Natural,  .net  opportu¬ 
nities  also  available.  Send 
resume  to:  candt@io.com  and 
reference  job#825.  EOE 


Sr.  S/ware  Engr.  wanted  by 
a  s/ware  develop.  Co.  in 
Sacramento,  CA.  Will 
develp.  and  customize  Co. 
s/ware  prod,  for  far  eastern 
Pacific-Rim  mkts.  Req. 
Bach  deg  in  CS  or  Comp. 
Engr.  with  fluency  in  written 
and  spoken  Japanese  & 
understanding  of  Japanese 
&  eastern  Asian  lang.  char¬ 
acter  code  sets.  Mail 
resume  to:  HR,  Unify 
Corporation,  2101  Arena 
Blvd.,  Ste  100, 
Sacramento,  CA  95834. 


HK  Systems  is  a  leading  automated 
material  handling  and  supply  chain 
execution  software  total  solutions 
provider.  We  are  looking  for  IT  pro¬ 
fessionals  and  technical  writes. 
Candidate  must  have  degree  with 
experience  in  related  field.  Please 
contact  infoffihksvstems.com. 
EOE. 

RW3  Technologies  is  a  leading 
provider  of  CRM  solutions  for 
Consumer  Packaged  Goods  indus¬ 
try.  It  has  opening  for  program¬ 
mer/computer  analyst  Minimum 
requirement  is  BS  with  experience 
in  Crystal.  SQL.  Apache  Send 
resume  to  1033  Laposada,  Ste 
250.  Austin.  TX  78752 


COMPUTERS 

Radiant  Soft  Sol,  Inc.,  a 
S/ware  Consulting  Comp., 
seeks  to  fill  the  following 
Multiple  Openings  in  Arlington 
Heights,  IL  &  unanticipated 
locations  in  the  US:  Sr. 
Software  Consultants  (BS  +  3 
yrs  exp),  Business/  Systems/ 
Programmer/QA  Analysts  (BS 
+  2  yrs  exp.),  Database 
Analysts  (BS  +  3  yrs  exp  ), 
Network  Analysts  (BS  +  2  yrs. 
exp.)  and  IT  Managers  (BS  + 
3  yrs  supervisory  exp). 
Respond  by  resume  to  HR, 
855  E.  Golf  Road,  #1125, 
Arlington  Heights,  IL  60005. 


Software  Engineers  to  analyze, 
design,  develop/customize  busi¬ 
ness  appls  using  Oracle  Fin. 
and  Manuf.  Appls,  Oracle,  SQL, 
PL/SQL,  Dev  2000,  Designer 
2000  etc.  under  Windows,  UNIX 
and  Sun  Solaris  envir;  interact 
with  end  users,  gather  and  doc¬ 
ument  reqs;  prioritize  functional 
specs  formulated  from  user 
reqs;  evaluate  product  function¬ 
ality  and  design  to  assure  quali¬ 
ty.  Require:  Masters  or  foreign 
equiv.  in  CS/Engg. (any  branch)/ 
Science/Bus.  Mgmt.  Travel 
involved.  F/T  position.  Comp¬ 
etitive  salary.  Resume  to:  HR, 
Quest  America, Inc.,  211  East 
Ontario  Street,  Suite  1800, 
Chicago,  IL  60611 


System  Administrator  needed 
w/Bachelors  degree  in  Comp. 
Scie.  or  Engg.  or  Math.  Must 
have  exp  to  install  &  maintain 
Intel  based  servers  w/OS  of 
Windows  NT,  2000  &  Unix/Linux. 
Configure  &  route  Cisco,  Linksys 
routers  &  switches,  Watch  Guard 
&  Proxy  Firewalls.  Maintain  NFS, 
FTP,  DNS,  WINS,  DHCP  &  RAID 
Array  System,  Provide  mainte¬ 
nance  &  backup/restore  for 
servers  using  Arc  Serve,  Legato 
&  Backup  Exec.  Install  &  admin¬ 
ister  on  line  proofing  software. 
Send  resumes  to:  The  Printery, 
2405  S.  Moorland  Rd,  New 
Berlin,  Wl  53151.  No  in  person 
resumes/interviews;  only  res¬ 
pond  by  mail  or  e-mail  at 
Donnar@printerywi.com 


Corporate  Computer  Services 
(CCS)  has  multiple  openings  for 
System/Programmer  Analysts  for 
both  entry  &  experienced  levels 
(minimum  BS).  Skills  in  following 
areas  C/C++,  VB,  Oracle  are  plus. 
We  are  small  but  we  do  not  lay  off. 
Attractive  wage  w /  benefits.  Apply 
HR@ccsiusa.net 

VIA  Information  Tools,  Inc.  pro¬ 
vides  flexible  manufacturing  exe¬ 
cution  systems  that  solve  specific 
business  problems  It  is  looking 
for  IT  professionals,  system  ana¬ 
lysts.  Candidates  must  have 
experience  in  TCP/IP,  IPX/SPX. 
Contact  alllson  elmer@via-it.com 
EOE 


We  Do 

A 

Better 


Helping  You 
Get  One. 

iTlcareers.com 


2 


Computerworld  •  InfoWorld  •  Network  World  •  April  14,  2003 


IT 


careers 


IT  CAREERS 


it  careers.com 


Software  Engineer  (NY,  NY) 
Perform  system  analysis  & 
design  applic  Formulate  syst 
scope  &  objectives  &  prepare 
specs  Make  tech  presentations 
to  clients  in  energy  sector,  incl 
prototyping  &  documenting  pro¬ 
posals  Design  &  develop  cus¬ 
tom  Risk  Analytic  Applications 
utilizing  Visual  C++,  ASP.NET, 
C#.  SQL  Server  &  Windows  NT. 
Identify  problems  in  existing  sys¬ 
tems  &  devise  software  solu¬ 
tions  using  ASPNET  and  C#. 
Bach,  in  Comp  Info  Syst,  Comp 
Sci,  Comp  Appl  or  foreign  equiv. 
&  3  yrs  exp  in  job  or  4  yrs  in 
related  job  of  Softwr  Dvlpr  or 
Progmr.  Related  job  must  incl 
exp  w/design  &  devlpmt  of  Risk 
Analytic  Applications,  Visual 
C++.  ASPNET  and  C#.  Fax 
resume  to  212-888-0055. 


Programmer  Analyst.  8am-5pm 
40  hrs/wk.  Analysis,  design, 
development,  implementation, 
programming  in  Dibol,  Cobol, 
RDO,  DTR,  JDBC,  RMI,  C, 
Java,  VisualBasic6.0,  ActiveX, 
Crystal  Reports  and  data 
reports.  Bach,  of  Science  or 
equivalent  in  Computer  Science 
or  Engineering,  Information 
Systems  Management,  Elec¬ 
trical/Electronics  Engineering  or 
related  field.  1  year  exp.  in  job 
offered  or  as  computer  profes¬ 
sional  with  above  computer 
skills.  JD  Consultants,  Inc.,  5200 
Lancaster  Ave.,  Philadelphia, 
PA  19131. 


IT  co  seeks 

Data  Base  Design  Analysts  (2) 
Design/develop  logical/physical 
databases;  develop  data  models 
describing  data  elements  using 
knowledge  of  database  mgmt.  sys¬ 
tems  incl.  MS  SQL  Server,  Visual 
Basic,  Active  Server  Pages,  Java. 
C++.  Req.  M  S.  Comp.  Sci,  and  3- 
6  mos.  exp 
Programmer/Analyst 
Plan,  develop,  test  and  document 
computer  programs/software  pack¬ 
ages  using  software  logic,  prog, 
languages,  statistical  programs  and 
Shell/Java  Script,  AIX,  Solaris, 
Oracle  8x/Forms  6i,  Visual  Source¬ 
Safe.  Req.  M.S.  Comp.  Sci.  Mail 
resumes  to  HR,  Technion  Com¬ 
munications  1260  N.  University  Dr., 
Ste  200,  Plantation,  FL  33322 


Junior  Programmer.  Asst  in 
writing  program  specifica¬ 
tions  &  code  commensurate 
to  IDS  coding  style  &  stan¬ 
dards  w/use  of  C,  C++  and 
Visual  Basic  programming 
on  UNIX  &  Windows  operat¬ 
ing  systems  under  IDS  stan¬ 
dards.  Req:  BS  in  Comp. 
Eng.,  Elect.  Eng.,  or  Comp. 
Sci.  40hrs/wk.  Job/Interview 
Site:  LA,  CA.  Send  resume 
to  Integrated  Decision 
Systems,  Attn.  Dept  30, 
11150  W  Olympic  Blvd.,  LA, 
CA  90064 


Technosoft  Corporation  has 
multiple  openings  for  Pro¬ 
grammer/Analyst,  Software 
Engineer,  Project  Lead/ 
Manager.  Applicants  should 
have  strong  skills  in  Java, 
Per,  Siebel,  Oracle/Informix 
DBA,  GUI,  Java  C++,  CRM 
Applications,  ERP  & 
Dataware-housing.  Send 
resume  to:  3071  Lawrence 
Expressway,  Santa  Clara, 
CA  95051  or  email  to 
jobs@technosoft-Corp.com 


Manager,  Software  Engineering 

Wave  Three  Software.  Inc.  is  a  pri¬ 
vately  held,  cutting-edge  engineer¬ 
ing  company  that  develops  and 
licenses  software  for  desktop  com¬ 
munication  and  collaboration.  We 
are  currently  looking  for  a  Manager 
of  Software  Engineering  who  can 
lead  our  team  in  taking  the  existing 
product  suites  and  creating  the 
WolP  products  of  the  future. 

The  successful  candidate  will  be 
hands-on  in  the  designing,  coding, 
testing  and  delivery  of  the  software 
products.  A  Bachelor’s  degree  in 
Computer  Science  or  Computer 
Engineering  or  working  equivalent, 
and  a  minimum  of  five  year’s  expe¬ 
rience  creating  industry  leading 
audio/video  communications  soft¬ 
ware  is  required.  Excellent  knowl¬ 
edge/experience  with  C/C++  pro¬ 
gramming,  object-oriented  design, 
software  design  and  development 
tools,  software  optimization  and 
real-time  software  development  is 
required.  A  solid  foundation  and 
working  knowledge  of  audio  and 
video  encoding  and  decoding  algo¬ 
rithms  and  techniques  as  well  as 
exposure  to  multiple  platforms  and 
networking  concepts  (PC.  Mac, 
Unix.  TCP/IP)  is  required.  Prior 
experience  with  developing  net¬ 
working  solutions  for  IP  and  tele¬ 
communication  signaling  and  data 
protocols  including  a  working 
knowledge  of  H.323,  ISDN,  ATM, 
SIP.  SDP,  RTP.  Superior  written 
and  verbal  communication  skills 
are  also  necessary.  A  proven  track 
record  of  leading  a  project  from 
beginning  to  end  is  a  must.  Prior 
experience  working  in  a  shrink- 
wrapped  software  environment  is  a 
plus. 

Only  qualified  candidates  are 
encouraged  to  e-mail  their  resumes 
in  Word  format,  to  resume@wave3 
softwarq.com.  EOE. 


Systems  Analysts  to  analyze, 
design,  develop  s/w  for 
Wireless,  Data  Communication 
using  J2EE,  XML,  C,  C++,  SQL, 
SMPP,  WAP,  XHTML,  3G, 
Oracle,  etc.  under  Oracle  Mobile 
Server  9iAS  WE.  UNIX,  Sun 
Solaris  etc;  perform  reqs  gather¬ 
ing,  design  process,  design 
reviews,  code  peer  reviews, 
customize  and  enhance. 
Prog/Analysts  to  analyze, 
design  appls  using  C,  C++, 
Java,  HTML,  VB,  JavaScript, 
SQL,  Oracle,  MS  Access  under 
Windows,  UNIX  OS;  study,  eval¬ 
uate  new  technologies/method¬ 
ologies;  gather,  document  reqs 
from  user  community;  test/trou¬ 
bleshoot  project  appl  code. 
Require:  BS  or  foreign  equiv.  in 
CS/Engg.  (any  branch)  with  2 
yrs  exp.  High  Salary.  Travel 
involved.  F/T.  Apply  to:  HR, 
Unilinx,  Inc,  4625  Alexander  Dr., 
Ste  110,  Alpharetta,  GA  30022 


F/T  Computer  Support  Specialist. 
Responsible  for  scoping,  planning 
and  implementing  legacy  applica¬ 
tion  extension  projects  and  training 
customer  personnel  in  tool  use. 
100%  travel.  Requires  in-depth 
knowledge  of  J  Walk,  GUI/400, 
Win  Ja  and  I  I  I.  Must  have  3  yrs. 
of  exp.  Work  background  must 
have  included  providing  technical 
support  services  to  software 
and/or  network  end  users  and  sup¬ 
porting  J  Walk,  GUI/400  &  TTT 
customers  across  a  variety  of 
industries.  Salary:  Competitive. 
Send  Resume  to:  HR-Ref:  TS, 
SEAGULL,  3340  Peachtree  Rd„ 
Atlanta,  GA  30326.  Reference  this 
ad.  No  phone  calls  please. 


Analyst/Architect  sought  by 
NJ  based  Securities  Dealer 
for  Jersey  City,  NJ  office. 
Must  possess  Bachelor’s 
degree  or  equivalent  in 
Computer  Science  or  directly 
related  field  and  5  years  exp. 
in  software  development/ 
design/analysis.  Exp.  must 
include  C/C++,  JAVA. 
Respond  to:  Human 

Resources  Department 
#KFP02-98,  Knight  Financial 
Products,  130  Cheshire  Lane, 
Suite  102,  Minnetonka,  MN 
55305. 


Consultant  Software  Engineer 
(Database  Administrator)  to 
develop  Oracle  &  Solaris  data¬ 
base  applications  for  entire 
product  life  cycle  of  Co's  global 
online  equity  trading  systems, 
from  product  inception  to 
release.  Will  design,  develop, 
package,  monitor  production 
and  provide  support  for  these 
database  systems;  participate  in 
code  &  design  reviews  for  each 
product;  perform  unit  testing 
and  systems  testing;  write  appli¬ 
cations  in  Java;  use  data  mod¬ 
eling  development  tools  includ¬ 
ing  Power  Designer;  design 
database  models  &  develop 
code  for  stored  procedures  in 
SQL  database  languages;  and 
perform  database  system  appli¬ 
cation  design,  modeling  and 
coding  in  Java  and  XML. 
Requires  Bachelor's  in  C.Sc., 
Engineering,  Math,  or  Physics 
plus  5  years  experience  in  job 
offered,  OR  5  yrs  in  database 
application  development;  Altern¬ 
atively,  will  accept  Master’s  in 
C.Sc,  Eng,  Math,  or  Physics 
plus  3  years  in  job  offered,  OR 
3  yrs  in  database  application 
development.  Candidate  must 
also  possess  demonstrated 
expertise  administering  OLTP  & 
data  warehousing  databases 
and  demonstrated  expertise  in 
back-end  Oracle  database 
development  using  PL/SQL, 
Unix,  Shell  scripting,  Java  8 
XML.  Salary:  $91.000/yr,  M-F. 
9AM-5:30PM.  Send  2  resumes 
to  Case  #200116234,  Labor 
Exchange  Office,  19  Staniford 
Street,  1st  fl. ,  Boston,  MA 
021 14.  EOE.  Applicants  must  be 
workers  eligible  to  accept  full¬ 
time  employment  in  U.S. 


SOLUTION  ARCHITECT.  Gather  & 
anlyze  data  &  info  systematiclly; 
make  timely  &  sound  decisns  con- 
crng  moderately  complex  probs 
that  req  special  understdg  of  inter- 
rltd  areas  of  tech  knwldge;  demnstrt 
knwldge  of  multi-vendor  ntwk, 
applicatn  &  pltfrm  solutns;  monitor 
local  &  nat'l  training  needs  to  dev  & 
deliver  training  solutns;  install  & 
configure  ntwks,  applicatns  &  plt- 
frms  using  variety  of  indstry  prod¬ 
ucts  &  technlgies  (TCP/IP,  computr 
HW  (driver)  devlpmt  procss  &  QC 
procss),  create  clear  &  concise  tech 
propsals/docmts  for  intrnl  &  extrnl 
sources;  using  knwldge  &  tech 
issues  of  computrs  in  general  &  IT 
indstry  to  provide  asstnce  on 
enhancing  technlgy  for  Help  Desk 
operatns,  Sys  Mngmt  or  Ntwk 
Mngmt;  &  plan  &  execute  variety  of 
task  &  mnge  details  for  complx  pro- 
jets.  Req:  Bach  degr  or  foreign 
equiv*  in  CS.  CE,  EE  or  rltd  +  4  yrs 
exp  in  job  offrd  or  in  rltd  occupatns 
as  Tech  Consultant,  Product 
Specialist,  Engrg  or  rltd.  Knwldge 
&/or  exp  w/following:  TCP/IP,  QC 
procss,  computr  HW  (driver) 
devlpmnt  &  tech  supprt  for  L  series 
computrs.  *lf  no  degr  or  unrltd  degr, 
emp  will  accpt  3  yrs  exp  in  job  offrd 
or  in  rltd  occupatns  for  ea  yr  not 
compltd  toward  req  degr.  Sal: 
$79,389/yr.  Jobsite:  Omaha,  NE. 
8am-5pm,  40  hrs/wk.  Send  resume 
to:  Attn:  Madhavi  Bhadbhade,  Job 
Order  #  SBAH5-KTTX3-92414.  NE 
Workforce  Devlpmt,  P.O.  Box 
94600,  Lincoln,  NE  68509.  Must 
have  proof  of  legal  authority  to  work 
in  U.S. 


Digital  Nervous  System,  Inc.  seeks 
Actuate  Developer.  Responsible 
for  functioning  as  part  of  a  3  mem¬ 
ber  team,  which  carries  the  re¬ 
sponsibilities  of  designing,  devel¬ 
oping,  and  implementing  all  report¬ 
ing  functionality  within  Callidus 
commissioning  program.  Respon¬ 
sible  for  mentoring  and  instructing 
the  full  time  team.  Requires  expe¬ 
rience  with  Actuate,  Sql  server, 
SQL,  SQL  LOADER,  DB2,  C. 
Oracle,  and  HTML.  Requires  a 
Bachelor's  degree  in  Engineering 
or  related  field  plus  four  (4)  years 
experience.  Full  time.  Please  send 
resume  to  DNS  -  532  Patterson 
Ave.,  Ste.  160,  Mooresville,  NC 
28117.  EOE. 


Principal  Consultant  Software 
Engineer/Developer  to  analyze, 
architect,  and  design  n-tiered 
products/applications  using 
Java  2  Enterprise  Edition 
Technology.  Will  utilize  UML 
Modeling  language  in  perfom- 
ing  object-oriented  (OO)  analy¬ 
sis  and  application  design.  Will 
serve  as  Technical  Lead  in  ana¬ 
lyzing,  architecting,  designing, 
and  implementing  applications 
involving  Java  Messaging 
Service  (JMS)  Technology  over 
IBM's  MQ  Series.  Will  provide 
direction  to  Design  and 
Development  Team  in  adopt¬ 
ing  appropriate  technologies, 
techniques,  and  methodologies, 
and  work  with  team  to  re-engi- 
neer  applications  so  that  they 
use  the  appropriate  technolo¬ 
gies.  Requires  Bachelor's 
degree  in  Computer  Science, 
Engineering,  Mathematics  or 
Physics  plus  five  (5)  years  expe¬ 
rience  in  Job  Offered  OR  five 
(5)  years  experience  in 
client/server  applications  devel¬ 
opment  OR,  in  the  alternative, 
Master's  degree  in  Computer 
Science,  Engineering,  Math¬ 
ematics  or  Physics,  plus  three 
(3)  years  in  Job  Offered  OR 
three  (3)  years  experience  in 
client/server  applications  devel¬ 
opment.  Candidate  must  also 
possess  demonstrated  expertise 
developing  n-tier  web-based  dis¬ 
tributed  systems  in  Java  and 
C++,  demonstrated  expertise  in 
object-oriented  analysis  and 
design  of  applications/products 
using  UML  modeling  language, 
and  demonstrated  expertise 
integrating  n-tier  systems  with 
back-end  legacy  systems. 
Salary:  $90.000/yr,  M-F,  9AM- 
5PM.  Send  2  resumes  to  Case 
#200200469,  Labor  Exchange 
Office,  19  Staniford  St.,  1st  fl., 
Boston.  MA  02114.  EOE. 
Applicants  must  be  eligible  to 
accept  full-time  employment  in 
U.S. 


CONSULTING  ENGINEERS.  Sup¬ 
port  customers  for  the  analysis  and 
design  problems  in  the  fields  of 
structure,  fluid  flow,  heat  mass 
transfer  and  material  processing. 
Develop,  implement  and  maintain 
computer-aided  engineering  soft¬ 
ware  in  modeling  creep-related 
fatigue  and  other  structural,  fluid 
flow,  heat  mass  transfer  and  mate¬ 
rial  processing  problems,  using 
finite  element  coding,  Patran  PCL 
language,  and  FEA  software  sys¬ 
tems  (multiple  openings).  Requires 
M.S.  in  Mechanical  Engineering; 
experience  or  education  must  in¬ 
clude  numerical  modeling  of  creep- 
related  fatigue  problems,  evi¬ 
denced  by  Masters  thesis  work  or 
at  least  on  publication  in  this  field; 
finite  element  coding  in  the  fields  of 
structural,  fluid  flow  and  heat  mass 
transfer;  and  use  of  Patran  soft¬ 
ware,  Patran  Customization  Lan¬ 
guage  (PCL),  and  Finite  Element 
Analysis  (FEA)  software  systems. 
Must  have  current  authorization  to 
be  permanently  employed  In  the 
United  States.  Send  resume  with 
Social  Security  Number  to  Sinan 
Ecer,  Technalysis,  Inc.,  7168 
Zionsville  Rd.,  Indianapolis,  IN 
46268. 


Prog.  Analysts  to  analyze, 
design,  maintain  appls  using  C, 
Java,  HTML,  VBScript,  ASP,  MS 
SQL,  Rational  Rose  under 
Windows  OS;  design,  implement 
GUI  and  RDBMS  using  VB,  Dev 
2000,  Oracle,  MS  Access,  SQL 
Server.  Require:  B.S.  or  foreign 
equiv.  in  CS/Engg  (any  branch) 
&  2  yrs  of  exp.  in  the  field.  S/W 
Enggs  to  design,  develop,  test, 
implement  appls  using  C,  C++, 
Oracle,  SQL  Server,  MS  Access 
on  Windows,  Unix;  design, 
develop  web  appls  using  HTML, 
Java,  ASP,  JDK,  CGI,  JScript; 
provide  training  and  user  sup¬ 
port  for  the  systems  appln  soft¬ 
ware/hardware  to  team  and 
clients;  debug  and  modify  exist¬ 
ing  software.  Require:  M.S.  or 
foreign  equiv.  in  CS/Engg.  (any 
branch)  with  1  yr  exp.  in  the 
field.  High  salary.  F/T.  Travel 
involved.  Resume  to:  Infosmart 
Technologies,  385  Leatherman 
Ct, Alpharetta,  GA  30005. 


The  MathWorks 
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The  MathWorks  leads  the  market  in  developing  and 
delivering  high  performance  interactive 
software  products  such  as  MATLA8®  to  the 
engineering  and  scientific  communities.  We 
have  the  following  positions  available  at  our 
offices  in  Natick,  MA 

•  Training  Engineer 

•  Numerical  Analyst 

•  Simulink/Real-fime  Workshop  DSP 
Developer 

•  Technical  Consultant 

•  Senior  DSP  Quality  Engineer 

•  Senior  Communication  Quality  Engineer 

•  Senior  Simulink  Applications  j 

Quality  Engineer 

•  MATLAB  Community  Online  Manager 

•  Senior  Software  Engineer 

•  Applications  Engineer 

•  Simulation  &  Real-Time  Technologies 
Developer 

•  DSP  Blockset  Applications  Senior 

Team  Leader 

The  aforementioned  positions  are  available  at  all 

h* 

levels  and  require  a  minimum  of  a  B.S.,  M.S.,  or 

■<* 

Ph.D.  and  0-8  years  experience. 

Additional  Opportunities  in  the  Following  Areas: 

•  Software  Development  •  Technical  Marketing 

•  Human  Resources  •  Finance 

o 

•  Product  Training  •  Marketing 

For  fastest  consideration  interested 

u 

candidates  should  e-mail  their  resume, 

0 i 

indicating  position  of  interest,  to 

i  CL  resumes@mathworks.com. 

o 

Attn:  Human  Resources  -  Job  Code:  CW403, 

The  MathWorks,  Three  Apple  Hill  Drive, 

"S 

Natick,  MA  01760-2098. 

> 

Oi 

Q 

We  are  an  equal  opportunity  employer. 

MATLAB,  Simulink,  Stateflow,  and  Real-Time  Workshop  are  all 
registered  trademarks  of  The  MathWorks 

__ J 

www.mathworks.com 

SENIOR  PROGRAMMER/ 
ANALYSTS 

MARA  CONSULTING,  INC.,  a 
California-based  Corporation,  has 
immediate  openings  for  Senior 
Programmer/Analysts  with  at  least 
five  years'  experience  in  Natural/ 
ADABAS/Programming  who  have 
worked  on  IBM  mainframe  plat¬ 
forms  utilizing  MVS/XA  ESA  and 
OS/390  Operating  Systems.  Appli¬ 
cants  must  also  have  at  least  four 
years  of  formal  academic  training  in 
computer  data  processing,  Compu¬ 
ter  Science  or  a  related  field  culmi¬ 
nating  in  government  diplomas  or  a 
Bachelor's  Degree.  Must  be  willing 
to  travel  from  the  Sacramento, 
California  area  to  temporary  work 
sites  throughout  the  United  States 
to  be  paid,  at  least,  the  prevailing 
wage  in  that  area.  Employees  will 
remain  employed  by  MARA  CON¬ 
SULTING,  INC.,  fwww.maracon 
sultina.com)  with  continuing  bene¬ 
fits.  Send  your  resume  with  current 
address  and  telephone  number  to 
MARA  CONSULTING,  INC.,  8577 
Almond  Bluff  Court,  Orangevale, 
CA  95662  or  email  to 
maracons@oacbell.net.  EOE 


Opening  for  a  Software 
Engineer  to  design,  develop, 
test  internal  appls  using  VB, 
HTML/DHTML,  ASP,  Javascript. 
VBScript.  ActiveX,  IIS,  etc. 
under  Windows  OS;  evaluate 
new  methodologies  and  develop 
plans  for  improving  existing  sys¬ 
tems;  customize  and  modify 
appls  per  user  reqs;  maintain 
documents  and  prepare  pro¬ 
gramming  specs;  train  users  in 
application  usage.  Require:  MS 
or  foreign  equiv.  in  CS/  Comp 
Engg  &  2  yrs  exp  in  IT.  F/T  posi- 
tion.Salary  commensurate  with 
experience.  Resume  to:  HR, 
Learning  Express.  Inc.,  29 
Buena  Vista  Street,  Ayer.  MA 
01432. 


SYSTEMS  ANALYST:  IT  com¬ 
pany  requires  System  Analyst  to 
develop  full-life  cycle  software 
for  large  multinational  telecom¬ 
munication  company,  maintain 
repository  conferencing  data 
using  Java,  CORBA,  C/C++, 
Rational  Rose,  Websphere  and 
ORACLE  RDBMS.  Perform 
graphical  user  interface  cre¬ 
ation,  architecture  upgrade,  test¬ 
ing,  and  production  support, 
using  Visual  Cafe,  Rational 
Rose  (UML),  Developer  2000, 
Optimizelt,  Windows  2000  and 
UNIX.  Experience  in  audio  and 
Net  conferencing  system  is  a 
must.  Master's  degree  in  com¬ 
puter  science,  engg,  or  related 
field  and  relevant  experience. 
Send  resume  to  Vivian 
Fernandes,  Manager  Res¬ 
ources,  MBT  International,  Inc., 
1155  Kelly  Johnson  Blvd.,  Suite 
111,  Office  #11,  Colorado 
Springs,  CO  80920  or  email  at: 
career@us.mahindrabt.com 


IT  Consulting  Firm  has  multi¬ 
ple  positions  open: 

•  Client  server  developers 
using  Visual  Basic, 

Visual  C++,  MS  ACCESS, 
SQL  Server,  OLAP 

•  Web-based  developers 
using  ASP,  .net 

•  QA  testers  (automated) 

Send  resume  &  cover  letter  to: 

itcg-phoenix@spherion.com 


Become  a  Microsoft  Windows  2000  Security  Expert. 

It's  easy.  Just  point,  click  and  choose  the  format  that  works  best  for  you: 
•CD-ROm  •Uleb-Based  •Hands-On  •Uirtual  Classroom 

Uisit  iletSmart  todau  at  www.nwnetsmart.com 
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Sales  Offices 


f&jfu  Carol  Lasker,  Associate  Publisher/Vice  President 
'•  Jane  Weissman,  Sales  Operations  Coordinator 

Internet:  c tasker,  iweissman@nww.com 
(508)  460  3333/FAX  (508)  460-1237  _ 

New  York 'New  Jersey 

Tom  Davis.  Associate  Publisher,  Eastern  Region 
Elisa  Della  Rocco,  Regional  Sales  Manager 
Agate  Joseph,  Sales  Associate 
Internet:  tciavis,  elisas,  ajoseph@nww.com 
(201)  587-0090/FAX:  (201)  712-9786 

Northeast 

Donna  Pomponi,  Regional  Sales  Manager 
Caitlin  Horgan,  Sales  Assistant 
Internet:  dpornponi,  chorgan@nww.com 
(503)  460-3333/FAX:  (508)  460-1237 

Mid  Atlantic 

Jacqui  DiBianca,  Regional  Sales  Manager 
Marta  Hagan,  Sales  Assistant 
Internet:  jdibian,  mhagan@nww.com 
(610)  971-1530/FAX:  (610)  975-0837  _ 


Midwest/Central 

Eric  Danetz,  Regional  Sales  Manager 
Agata  Joseph,  Sales  Associate 
Internet:  edanetz,  ajoseph@nww.com 
(201)  587-0090/FAX:  (201)  712-9786 


Northern  California 

Sandra  Kupiec,  Associate  Publisher,  Western  Region 

Karen  Wilde,  Regional  Sales  Manager 

Miles  Dennison,  Regional  Sales  Manager 

Berit  Einsiedl,  Sales  Assistant 

Internet:  skupiec,  kwilde,  mdennison, 

beinsiedl@nww.com 

(650)  577-2700/FAX:  (650)  341-6183 

Northwest 
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Wireless 

continued  from  page  1 

Trapeze  has  20.  Aruba  has  up  to 
six  Gigabit  Ethernet  uplink  ports, 
Extreme  has  four,  and  Trapeze 
has  two. 

Extreme  executives  empha¬ 
size  the  Layer  3  capabilities  of 
their  new  switch,  such  as  IP  fil¬ 
tering  and  quality  of  service. 
But  Trapeze  executives  say 
focusing  on  Layer  2  makes  for 
simpler  and  less-expensive 
switch  deployment,  although 
Trapeze  does  support  some 
Layer  3  features. 

And  each  vendor  sounds  a  dif¬ 
ferent  marketing  theme.  Aruba 
focuses  on  software  that  lets  the 
switch  track  wireless  users 
across  subnets,  maintaining  each 
user’s  access  and  service  privi¬ 
leges. 

Extreme  describes  its  switch  as 
one  that  adapts  the  wired  net¬ 
works  edge  to  seamlessly  han¬ 
dle  any  kind  of  IP-enabled  client, 
wired  or  wireless. 

Trapeze  touts  a  sophisticated 
graphical  user  interface  software 
package,  called  RingMaster, 
which  can  simulate  the  WLAN 
and  translate  the  simulation  into 
configuration  instructions  for  the 
access  points. 

Curing  headaches 

The  network  headaches  that 
such  products  are  designed  to 
heal  are  growing  more  painful  for 
network  executives. 

“When  you  have  more  than 
about  10  wireless  access  points, 
they  just  get  difficult  to  trouble¬ 
shoot  and  maintain," says  Abner 
Germanow,  enterprise  networks 
research  manager  for  IDC.  “If 
you  deploy  a  lot  of  access 
points  and  one  of  them  goes 
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Aruba's  approach 


The  Aruba  5000  switch,  which  resides  in  a  data  center 
or  wiring  closet,  lets  companies  tie  wireless  LANs 
into  enterprise  networks.  Here  are  some  of  the 
devices  features. 

Standard  features 

•  Automatic  detection,  setup  of  Aruba  access  points. 

•  Use  of  an  array  of  security,  authentication  and  access  control 
standards  (such  as  Advanced  Encryption  Standard,  IP  Security 
and  802.1x). 

Optional  features 

•  Maintenance  of  VPN 
connections  across  subnets. 

•  Detection  of  rogue  access 
points  and  clients. 


down  today,  it’s  difficult  to  know 
that  without  walking  around 
with  laptop  or  PDA  scanner.” 

What  network  executives  want, 
Germanow  says,  is  to  centralize 
the  configuration  and  manage¬ 
ment  of  WLANs  that,  today,  are 
separate  from  the  wired  back¬ 
bone. 

“We’ve  got  a  big  management 
problem  with  560  access  points,” 
says  Brad  Noblet,  director  of 
technical  services  at  Dartmouth 
College  in  Hanover,  N.H.  He  will 
begin  a  pilot  network  using  the 
new  Aruba  5000  switch  later  this 
month. 

Dartmouth’s  WLAN  is  already 
so  extensive  and  pervasive  that 
students  canoeing  on  the  nearby 
Connecticut  River  can  get  wire¬ 
less  access.  But  incorporating 
new  technologies,  such  as  54M 
bit/sec  802.1  lg  radios,  and  new 
standards  such  as  802.1  li  for  im¬ 
proved  wireless  security,  promis¬ 
es  to  be  an  administrative  night¬ 
mare  and  expensive. 

“Most  of  the  wireless  switch 
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vendors  are  touting  fea¬ 
tures  that  will  let  me  control 
power  levels  [for  the  access 
point  radios],”  Noblet  says.  By 
lowering  the  radio  power,  he  can 
shrink  the  size  of  the  radio  enve¬ 
lope  around  an  access  point  and 
pack  more  access  points  into  an 
area. 

Aruba’s  switch  also  will  give 
him  a  real-time  radio  “map.”  He 
can  see  the  health  of  each 
access  point,  how  many  users 
are  associated  to  it,  which  users 
and  what  services  they’re  using. 
All  that  is  invisible  to  network 
executives  today. 

Aruba’s  angle 

The  Aruba  5000  switch  is  a 
modular  box  that  can  be  fitted 
with  24, 48  or  72  ports.  An  eight- 
port  box  for  branch  offices  and 
similar  sites  are  expected  by 
year-end. 

The  5000  is  designed  to  plug 
into  the  network  core  at  the  data 
center.  Access  points  can  plug 
directly  into  it  or  communicate 
with  the  switch  via  a  wiring  clos¬ 
et  Layer  2  switch  and  the 
Generic  Routing  Encapsulation 
protocol. 

Two  optional  software  prod¬ 
ucts  can  be  loaded  on  the 
switch.  One  is  a  group  of  security 
programs,  including  mobile 
VPNs  and  what  Aruba  calls  “per¬ 
user  firewalls.”  The  second  is  a 
group  of  radio  frequency  moni¬ 
toring,  calibrating  and  trouble¬ 
shooting  tools,  which  can  do 
jobs  such  as  detect  rogue  access 
points,  adjust  power  levels  and 
channel  assignments  for  the 
access  points. 

The  Aruba  50  access  point 
has  one  IEEE  802.11b  (11M 
bit/sec)  radio  interface  and 
one  802.11a  (54M  bit/sec) 
radio  interface.  It  can  run  both 
at  the  same  time.  The  Aruba  25 


has  one  802.11b  radio. 

Pricing  for  the  Aruba  5000 
switch  starts  at  $17,000.  The 
Aruba  50  access  point  costs 
$800;  the  Aruba  25  costs  half  that. 
The  company  plans  to  ship  them 
all  in  June.  Pricing  for  the  soft¬ 
ware  suites  is  not  yet  finalized. 

A  new  Summit 

Extreme’s  offering,  the  Summit 
300-48,  is  a  Layer  2/Layer  3  access 
switch  designed  to  handle  both 
wireless  and 
wired  client 
devices.  It’s  part 
of  Extreme’s 
existing  Summit 
line  of  access 
switches  and 
connects  to  distribu¬ 
tion  switches  such  as  Extreme’s 
Alpine  box  (see  more  Extreme 
product  news,  page  17). 

The  Altitude  300  access  point, 
dubbed  an  “access  port”  by 
Extreme’s  marketeers,  can  run 
two  radios,  supporting  802.11a, 
802. lib, and  the  not-yet-ratified 
802.1  lg  standards. 

These  products  are  scheduled 
to  ship  by  July  The  Extreme  300- 
48  switch  is  $6,500;  the  Altitude 


300  access  point  is  $600 

Trapeze  swings  into  action 

Newcomer  Trapeze  says  its 
Mobility  Exchange  has  been 
designed  to  track  each  user  on  a 
WLAN  and  hand  off  the  full  set 
of  authentication  and  privileges 
no  matter  where  the  user  moves. 
The  hardware  design  does  this 
fast  enough  for  wireless  voice 
over  ip  the  company  says. 

The  access  point  is  called 
Mobility  Pbint  and  the  circular 
device  is  about  the  size  of  a 
home  smoke  detector.  One  ver¬ 
sion  is  a  single  radio,  either 
802.11a  or  802.11b;  another  ver¬ 
sion  has  two  radios,  an  802.11a 
and  an  802.11b. 

RingMaster  software  can  im¬ 
port  files  of  a  building’s  floor 
plans,  including  AutoCAD  file 
formats. 

A  pilot  starter  kit,  with  the 
switch,  21  access  points  and  five 
RingMaster  licenses,  costs 
$9,500.The  product  is  scheduled 
to  ship  in  June.  ■ 
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A  better  wireless  LAN  chip? 

Engim,  a  fabless  silicon  design  start-up,  has  begun  making 
available  samples  of  a  chipset  designed  to  boost  the  capa¬ 
city  of  wireless  LAN  access  points  by  up  to  50  times. 

Today,  an  802.11b  access  point  has  available  three  nonover¬ 
lapping  channels  of  the  radio  spectrum  to  use;  802.11a  devices 
have  eight,  for  a  total  of  11  spectrum  slices.  But  every  access 
point  is  set  to  send  and  receive  over  only  one  channel,  ignoring 
the  others.  If  several  wireless  users  connect  to  that  access 
point,  they  take  turns  using  that  one  channel. 

The  Engim  chipset  "sees"  and  uses  all  these  eleven  channels 
at  the  same  time.  The  effect  is  comparable  to  stacking  up  a 
bunch  of  access  points  and  wrapping  them  together  with  duct 
tape.  However,  the  resulting  interference  from  the  stacking 
method  could  cause  throughput  to  plunge. 

"We  digitize  the  entire  802.1  la/b  spectrum  and  use  digital 
signal-processing  technology  to  reduce  or  eliminate  this 
interference,"  says  Scott  Lindsay,  Engim’s  vice  president  of 
marketing. 

The  Engim  chips  make  it  possible  to  put  features  into  silicon 
that  the  wireless  LAN  switch  makers  currently  have  to  imple¬ 
ment  in  software.  Engim-equipped  access  points  will  work 
automatically  as  radio  wave  monitors,  making  it  easier  for  the 
switches  to  detect  rogue  access  points,  automate  wireless 
site  surveys  and  do  load  balancing  between  access  points, 
the  company  says. 

Major  wireless  LAN  vendors  are  using  several  Engim  devel¬ 
opment  kits,  according  to  Lindsay,  who  declined  to  be  more 
specific. 

Several  integrated  circuit  design  experts  from  the 
Massachusetts  Institute  of  Technology,  Motorola  and  Texas 
Instruments  founded  Engim  in  January  2001.  It  is  funded  by 
Bessemer  Venture  Partners,  Matrix  Partners,  and  private 
investors. 

—  John  Cox 
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Restrategizing  support 
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n  these  times  of  economic  woe, 
you  have  to  get  clever  if  you 
want  to  stretch  your  budget.  And 
one  area  where  we  spend  lots  of 
money  is  supporting  in-house  users. 
1  see  the  problem  this  way:  At  one 
end  of  the  spectrum, you  lock  down  users  to  the 
point  that  they  can’t  breathe  unless  you  give  them 
permission. At  the  other  end, you  let  them  do  what¬ 
ever  they  want  —  the  “anything  goes’’ approach. 

The  former  strategy,  lockdown,  has  some  major 
benefits: You  don’t  get  any  surprises,  or  at  least  very 
few.  Costs  and  labor  are  manageable,  on  the  whole, 
because  you  know  the  dimensions  and  scale  of 
everything.  And  there  is  no  opportunity  for  devia¬ 
tion.  If  a  particular  software  title  isn’t  corporately 
sanctioned,  it  isn’t  an  option. 

There’s  a  cool  utility  called  DeepFreeze  that  can 
make  such  a  strategy  work.  Published  by  Faronics 
Technologies,  it  locks  the  configuration  of  PCs  run¬ 
ning  Windows  95,98,  ME,  2000  or  XP,  and  wipes  out 
any  changes  made  in  the  previous  session  when  the 
system  is  restarted.  (You  can  assign  areas  where 
changes  will  be  preserved  from  session  to  session.) 

DeepFreeze  is  used  widely  in  education  environ¬ 
ments,  and  as  far  as  I  can  determine  has  yet  to  be 
hacked,  though  many  have  tried  (the  company  runs 
a  “Crash  this  Computer,  Win  $500”  challenge  at  trade 


shows  and  so  far,  no  winners). 2600  Magazine  (aka 
The  Hacker  Quarterly)  recently  ran  a  story  on  Deep¬ 
Freeze,  but  it  was  really  a  discussion  of  what  the 
product  does  and  had  no  helpful  hacking  advice. 

The  pricing  of  DeepFreeze  is  pretty  good:  10  seats 
with  a  one-year  maintenance  package  works  out  at 
just  less  than  $42  per  seat  —  at  1 ,000  seats  it  drops  to 
$10  per  seat.  Faronics  also  has  an  enterprise  version 
in  the  works  to  provide  centralized  administration. 

But  the  key  to  making  lockdown  attractive  to  man¬ 
agement  is  to  minimize  the  cost  of  support.  For 
example, you  might  require  all  support  requests  be 
conducted  through  a  Web  interface.The  goal  is  to 
diagnose  whatever  problem  the  user  has  and  give 
the  user  the  information  to  solve  the  problem. 

Then  if  your  machine  is  really  dead,  tech  support 
will  replace  it.  And  the  crucial  thing  is  that  they  will 
wheel  out  the  old  one  with  no  futzing  around;  any¬ 
thing  that  isn’t  backed  up  never  will  be  seen  again. 
Doesn’t  matter  what  is  on  the  machine,  the  rule  is 
that  the  machine  will  be  serviced  if  possible  and 
returned  to  the  replacement  pool.  End  of  story 

This  wouldn’t  work  for  environments  where  profes¬ 
sional  autonomy  is  expected,  but  for  clerical,  sales 
and  production  it  could  be  an  answer. 

So  how  would  you  get  a  lockdown  strategy  at  your 
organization?  A  simple  cost  spreadsheet  should  do 
the  trick.  If  you  can’t  show  that  significant  cost  sav¬ 


ings  are  possible,  you  will  not  get  the  attention  and 
support  of  the  CEO.  And  without  the  CEO’s  support, 
a  lockdown  strategy  ain't  goin’  to  happen. 

How  about  the  “anything  goes”  strategy?  It  all  relies 
on  the  computer  skills  of  your  users. Young  hires  are 
likely  to  have  reasonable  computer  knowledge 
while  older  employees  might  not, so  you’d  have  to 
make  PC  education  available  to  and  expected  of  all 
staff. They  would  be  given  preconfigured  PCs  with 
the  required  corporate  software  and  told  they  can 
do  as  they  please. 

Tell  them  that  if  the  hardware  breaks,  here’s  where 
you  can  get  a  swap-out;  if  the  operating  system  gets 
messed  up,  here’s  the  restore  disk,  and  so  on. 

Could  “anything  goes”  work?  I  don’t  know.  But  from 
reader  letters  1  know  most  of  you  sit  in  the  middle  of 
these  two  extremes  with  a  lot  of  support  overhead 
eating  up  your  budgets. 

If  you  are  an  IT  company  such  an  expense  is  in 
line  with  your  core  competency.  But  if  you’re  not, 
then  the  question  is  whether  you  should  provide 
anything  more  than  a  basic  support  service. 

So  where  are  you  now?  If  you  are  in  the  middle,  is 
that  where  you’ll  stay?  Or  is  it  time  to  try  another 
strategy  such  as  lockdown  or“anything  goes”? 

Draconian  plans  or  otherwise  to  backspin 
@gibbs.com. 
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By  Paul  McNamara 


Fighting  spam  with  poetry  and  lawyers 

Rarely  does  Buzz  root  for  the  guys  filing  the 
lawsuits, 

And  never  —  at  least  not  that  I  can  recall  —  have 
I  used  the  word  “unique"  to  describe  anything.  (It’s 
considered  presumptuous  in  my  profession,  unless 
you're  writing  about  snowflakes.) 

Today,  let's  get  crazy  and  ignore  both  rules. 

Attorneys  fighting  the  good  fight  for  an  antispam  start-up  called  Habeas  recently 
dropped  lawsuits  on  five  individuals  and  companies.  The  suits  accuse  the  five  of  in¬ 
fringing  on  a  Habeas  trademark  and/or  breaching  their  contracts  with  the  company. 

What  do  such  legalisms  have  to  do  with  spam? 

Habeas  sells  a  software-and-service  package  called  Sender  Warranted  E-mail 
(SWE)  that  is  designed  primarily  to  address  the  growing  problem  of  overeager 
spam  filters  gobbling  up  legitimate  e-mail  sent  by  legitimate  businesses.  A 
founder  of  a  different  antispam  start-up  recently  told  me  he  had  counted  no  less 
than  400  antispam  products  and  services  out  there  in  the  market . . .  before  giv¬ 
ing  up  the  search.  Near  as  I  can  tell,  Habeas  is  unique  among  them.  (My  gosh,  I 
typed  that  word  and  not  a  bolt  of  lightning  has  descended.) 

As  those  who  have  read  about  the  company  know,  what  makes  Habeas  unique 
is  that  it  relies  on  well-established  trademark  law  —  and  poetry,  of  all  things  —  to 
take  on  spammers  who  have  proven  largely  impervious  to  other  legal  deterrents 
and  technological  measures  such  as  filtering,  blacklists  and  white  lists. 

In  a  nutshell,  SWE  provides  legitimate  e-mail  senders  with  a  nine-line  “warrant 
mark'  the  first  three  lines  of  which  are  a  haiku  —  that  are  inserted  into  the  head¬ 
er  of  every  message,  or  at  least  every  message  that  might  be  mistaken  for  spam. 
Presence  of  the  warrant  mark  signifies  that  the  message  is  not  spam,  so  ISPs  and 


individuals  —  who  pay  nothing  for  the  privilege  —  can  let  it  pass  through  their  spam 
defenses.  SWE  costs  $499  a  year  for  corporations  and  a  penny  per  message  for 
bulk  e-mail  companies,  up  to  a  maximum  of  $3,000  per  month. 

Why  a  poem,  you  ask. 

"Copyright  does  not  protect  names,  titles,  slogans  or  short  phrases;  it  does  pro¬ 
tect  poetry.  Further,  there  is  a  long  tradition  of  geek  haiku,"  explains  the  compa¬ 
ny’s  exhaustive  FAQ  section. 

The  legal  fun  starts  when  a  Habeas  customer  gets  caught  seeding  spam  or 
someone  hijacks  the  trademark  in  an  attempt  to  fool  filters.  Habeas  promises  to 
sue  every  such  violator. 

"When  we  go  to  court,  the  issue  really  isn’t  about  spam,”  says  Habeas  CEO 
Anne  Mitchell.  That’s  a  key  point  in  terms  of  the  company's  business  strategy,  she 
says.  Whereas  laws  governing  spam  are  muddled  and  unproven,  every  judge  in 
the  U.S.  is  comfortable  enforcing  trademark  law. 

But  aren't  they  going  to  have  trouble  taking  this  haiku  business  seriously? 

"Lay  people  may  not  get  at  first  blush  why  this  has  some  really  serious  teeth,  in 
part  because  it's  a  cute  little  friendly  haiku,"  Mitchell  says.  "However,  it's  pretty 
easy  to  get  them  to  understand  that  there's  also  a  cute  little  friendly  mouse 
named  Mickey,  and  Lord  help  you  if  you  put  him  on  your  letterhead." 

That  explanation  works  for  me. 

What  remains  to  be  seen  is  how  this  legal  theory  works  in  real  life.  While  the 
alleged  spammers  Habeas  is  suing  conceivably  could  face  fines  of  up  to  $1  mil¬ 
lion,  the  company  says,  Habeas  itself  has  even  more  at  stake  in  these  initial 
cases:  its  very  existence. 

Win  a  string  of  lawsuits,  collect  a  string  of  judgments,  and  Habeas  might  really 
be  on  to  something. 

Lose  and  they'll  be  Habeas  corpses. 

Comments  —  in  haiku  or  otherwise  —  should  be  sent  to  buzz@nww.com. 


If  you've  got  questions  about 
storage  solutions,  the  answers  are  in 

Storage  Solutions:  A  Buyer's  Guide. 


Premium  Sponsors  of 
Storage  Solutions: 

A  Buyer’s  Guide 


Quantum. 

Novell, 


Determining  the  best  fit  for  each  business  application  can  absorb  every  cycle  your  IT  organization  has 
available.  What  solutions  are  available  from  which  vendors  today?  What  are  their  products’  strengths  and 
weaknesses?  What  third-party  products  do  they  work  with?  What  does  the  vendor  charge  for  the  complete 
solution?  With  Storage  Solutions:  A  Buyer’s  Guide,  you  will  have  a  comprehensive  set  of  answers  to  these  and 
other  important  questions  in  the  palm  of  your  hand  without  days  and  weeks  of  laborious  research. 

Mike  Karp  and  Anne  Skamarock,  recognized  authorities  on  storage  management,  have  compiled  analyses  of 
each  company’s  target  markets,  product  features,  technologies,  level  of  integration,  pricing  models  for  both 
product  and  maintenance,  and  each  vendor’s  strengths  and  weaknesses.  Mike  and  Anne  are  Senior  Analysts 
for  Enterprise  Management  Associates — an  industry  analyst  firm  focused  specifically  on  management 
software  and  services. 

In  addition  to  its  comprehensive  product  directory,  Storage  Solutions:  A  Buyer’s  Guide  also  includes  guidance 
on  selecting,  deploying  and  maximizing  your  investments  in  storage  and  storage  management.  Affordably 
priced  at  $29.95,  this  guide  is  a  must  for  anyone  who  is  serious  about  managing  storage  within  the 
enterprise. 

To  purchase  Storage  Solutions:  A  Buyer’s  Guide,  v isit  EMA’s  Website  at: 

http://www.enterprisemanagement.com/storagebuyersguide.html. 
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Can  your  antivirus  software  provide  double  the  scanning  power?  Ours  can. 

Making  sure  your  company  is  secure  gets  more  and  more  difficult  every  day.  That's  why  eTrusf“  Antivirus  v7  from  Computer 
Associates  uses  dual  scanning  engines  to  ensure  comprehensive  virus  protection.  It  processes  data  in  real  time  to  search 
out  and  eliminate  viruses,  and  it  also  scans  files  during  prescheduled  and  off-peak  hours.  All  at  the  cost  of  most  single¬ 
engine  AV  products.  It's  more  than  just  twice  the  protection.  It's  twice  the  peace  of  mind.  ca.com/etrust/antivirus 
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